Nostr notes by m4d4m

The origins of the git: ...

2026-03-26T15:50:12Z

The origins of the git:

Awesome. Would like to have big battery, ability to use USB-C for ...

2026-03-23T12:13:00Z

In reply to nevent1q…l3mq
_________________________

Awesome.
Would like to have big battery, ability to use USB-C for external display (use it as notebook sort of), ultrawide camera with OIS.
No fancy bullshit like connectivity to Starling, 240Hz refreshrate, HDR, DolbyAtmos, UWB, wireless charging.
Rather easier maintenance in case I drop it (less glue everywhere), no curved screen.

It is KYC free for me (use burner phone if you are afraid of ...

2026-03-23T11:46:14Z

In reply to nevent1q…xuwj
_________________________

It is KYC free for me (use burner phone if you are afraid of exposing the number, or prepaid number). The point is to avoid the bank transfer and most of the marketplace offers are precisely like this on Vexl.

Best way is to use strictly cash/f2f. On Bisq ...

2026-03-23T11:04:02Z

In reply to nevent1q…aaep
_________________________

Best way is to use strictly cash/f2f.

On Bisq (https://bisq.network/) they do have categories like this (cash by mail or in person).

Or try vexl (npub1mft…rkl3) l (https://vexl.it/) for the same + there are some goods/services as well.
The phone number is only for matchmaking (and by extension the reputation, if you can reach the peers and ask about the counterparty, depends on how you source the contacts).
Encrypted, no account, live only in device.
It does use Signal messaging-like solution under the hood iirc, SMS is only for verification so no bots can use it.
So not even them can read and conclude if anything happened on the platform.
Only both counterparty can know (and it's necessity anyway for f2f).

Who would have thought we would have this Xiaomi MiMO V Pro to ...

2026-03-21T20:13:58Z

Who would have thought we would have this Xiaomi MiMO V Pro to boost our passion for many things!
(The ad in magazine InfoWorld - 12.7.1999)

"By the time they reach the eighth grade, 30% of them will be ...

2026-03-21T18:40:14Z

"By the time they reach the eighth grade, 30% of them will be able to hack into your system."
The ad in magazine InfoWorld, 12.7.1999.

How precise - the 30%! And what crimes they will commit, huh?

"If you're unable to predict a disaster, make a ...

2026-03-21T18:13:05Z

"If you're unable to predict a disaster, make a disastrous prediction about the future" - Nicholas Petreley

Curious why you went the KYC route? Do you think it was a bad ...

2026-03-17T11:33:40Z

In reply to nevent1q…2zzw
_________________________

Curious why you went the KYC route? Do you think it was a bad move after all this time?

Friendly reminder: you do not need the fcuking Docker Desktop. ...

2026-03-14T18:36:41Z

Friendly reminder: you do not need the fcuking Docker Desktop. It's sluggish, wannabe AI enhanced, idk what else it does, fancy dashboard(?).
Basically all that is needed can be handled from the cli, goddamn.
Also it does create the infamous ~/.docker/desktop/vms/0/data/Docker.raw and this is (despite a setting in the GUI) often overridden by Docker resulting in insane amounts of storage taken by this volume.
And to make this worse, it's a static size regardless of whether there is something inside or not. Any prune won't make it smaller.
And if there is encryption in place it will get stuck forever creating this volume black box blob.
It's really beyond my understanding why the Desktop is always bundled with many installation guides, war crime this is.

There is only one Slavia I tolerate. ...

2026-03-12T20:58:57Z

There is only one Slavia I tolerate.

quoting
nevent1q…hctq
One day it’s thousands of sensitive insurance documents.

The next it’s how much bitcoin you bought, your name and where you live...

KYC = Kill Your Customer!

@npub176p…vgup may know a lot about this - if any exist at all.

2026-03-12T12:32:33Z

In reply to nevent1q…vvxd
_________________________

pip (npub176p…vgup) may know a lot about this - if any exist at all.

Yup

2026-03-12T11:48:16Z

In reply to nevent1q…rutr
_________________________

Yup

Look @npub1gun…nudq, with never ending enshittification of ...

2026-03-12T11:26:16Z

Look satsdisco (npub1gun…nudq), with never ending enshittification of every corner on the internet - there is new opportunity for filling the Vexl marketplace.

(OK, the owner of the place hates BTC all the time and even banned the word in the text of the offers, though that could be avoided with some wording.)

I don't understand even how the nostr.band is considered as ...

2026-03-09T20:56:23Z

In reply to nevent1q…35q4
_________________________

I don't understand even how the nostr.band is considered as possible relay because my relay set nor the note I'm reacting on (looking at 'seen on pop-up') does have this one listed.

#asknostr Today (on a profile I help to run) this error response ...

2026-03-09T20:24:01Z

#asknostr Today (on a profile I help to run) this error response for a 'like' reaction on post has been given to me. Yet after refresh the reaction is accounted for.
I don't understand much what does it mean and why it ended all good after all despite the error. I mean the policy and WoT.

Just as thinking 'should I buy more octopus', this gem ...

2026-03-09T18:48:25Z

In reply to nevent1q…uz9p
_________________________

Just as thinking 'should I buy more octopus', this gem grounded me back from oceans:

Another one down; many to go. ...

2026-03-02T21:22:10Z

Another one down; many to go.

quoting
nevent1q…lgku
Just received my final Google data request on my longest running account. Got my stats in :)

I stopped using Google Voice in 2018
I stopped using Gmail in 2018
I stopped using Chrome in 2019
I removed all of my Drive content in 2020
I stopped using Google Maps in 2022
I stopped using Google on android in 2022
I stopped using Youtube on 2023
I started blocking Google and associated domains and IPs in 2024 at a DNS level.

Just a reminder that you CAN remove Google from your life completely.

Coracle (made by @npub1jlr…ynqn) desktop&mobile have this ...

2026-03-02T15:30:52Z

In reply to nevent1q…nnx8
_________________________

Coracle (made by hodlbod (npub1jlr…ynqn)) desktop&mobile have this implemented like:

Still there ^ @npub1zaf…26k5

2026-03-01T11:20:07Z

In reply to nevent1q…q5e4
_________________________

Still there ^ elsat (npub1zaf…26k5)

Find out (from album cover for soundtrack by the jazz artist ...

2026-03-01T11:16:39Z

In reply to nevent1q…zm3s
_________________________

Find out (from album cover for soundtrack by the jazz artist Alain Goraguer) this should be painted by Roland Topor.

Some notes carry a wisdom with them. Apply carefully. ...

2026-02-28T23:36:12Z

Some notes carry a wisdom with them. Apply carefully.

quoting
nevent1q…4wee
Get it no KYC. Also, ideally, no one should know you have it. Especially females - you tell something one of them and immediately everyone she knows also knows. Your family is likely also full of pseudo-communists, so assume that your cousin will snitch. Their loyalty to the state is stronger than the loyalty to you.

This is great podcast - good baseline for the current situation ...

2026-02-28T23:25:29Z

This is great podcast - good baseline for the current situation with Iran.

Hidden Forces: Iran's Counterrevolution & the Future of the Greater Middle East | Kamran Bokhari

Episode webpage: https://hiddenforces.io/podcasts/iran-protests-future-middle-east-kamran-bokhari/

Media file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/hiddenforces/Ep.459_V2_HYP_Ep.12_Kamran_Bokhari_Main_Feed_teaser_1-19-26v3.mp3

There is this project @npub15x6…syd3 made by @npub1m2m…r8p9 - ...

2026-02-28T23:17:32Z

In reply to nevent1q…pn2d
_________________________

There is this project TamersofEntropy (npub15x6…syd3) made by Juraj (npub1m2m…r8p9) - so maybe there will be a lesson to learn.

While surfing the YT for new sounds, stumbled upon this and ...

2026-02-28T23:10:00Z

While surfing the YT for new sounds, stumbled upon this and it's the same artist (seems to me) you have the profile pic from him. Who is it? vezire (npub1ryc…pr3m)

https://www.youtube.com/watch?v=6exzlrLFIFA

Banger - can you drop the name?

2026-02-28T22:41:36Z

In reply to nevent1q…9kx8
_________________________

Banger - can you drop the name?

In my case it's (update from today): Image Toolbox ...

2026-02-18T23:16:18Z

In reply to nevent1q…lada
_________________________

In my case it's (update from today): Image Toolbox 3.6.2-alpha

This may be a handy addon for selfhosting: ...

2026-02-18T21:14:09Z

In reply to nevent1q…0mr3
_________________________

This may be a handy addon for selfhosting:

https://github.com/ai-robots-txt/ai.robots.txt?tab=readme-ov-file#usage

Still being updated quite actively.

@npub10r8…t2p8 the web page Download > Verify > Mobile ...

2026-02-15T19:59:56Z

Zapstore (npub10r8…t2p8) the web page Download > Verify > Mobile does have link from the "Use AppVerifier" for the GH repo that does not exist / (/nicman23/appverifier) 404.

The repo you possibly should link is the: github.com/soupslurpr/AppVerifier

I feel like Amethyst does that. If a comment note is clicked ...

2026-02-15T19:37:05Z

In reply to nevent1q…453g
_________________________

I feel like Amethyst does that. If a comment note is clicked (from the Conversations feed) I'm starting in the position within entire history from original note - ending with all the comments.
Can quickly scroll up/down and return by sideway R>L swipe. Neat.

Amethyst is mobile (Android), so not sure if apply to the criteria as all examples are web/PWA.

I'm using Coracle also a lot, both PWA and mobile because of this ability to see more of the context.

OK, there is some work on it. ...

2026-02-15T18:56:48Z

OK, there is some work on it.

https://github.com/nostrability/nostrability/issues/269

quoting
nevent1q…58nf
#asknostr

PoW, user just spend short time on Nostr.
Well I know the settings can be adjusted (on some clients and usually on/off for WiFi/cellular).

But what is the solution?

Media proxy, enforcing the size of media/file per note/blossom event while client attempt to make a use of media/file?

Not only relay wasting bandwidth but also user suffer - it's really so far still data heavy and not usable on many places around the world.

So far seems to me that only can filter content eventually through some relays that will do the job (DVM for data saving?) for me if client will sense the device is on mobile data.

Or caching feed offline on WiFi and letting me mainly read it with info that it's not in-time atm of seeing notes.

Where I can read more about actual state of this within the Nostr space?

All right, now with this, I'm all in! ...

2026-02-15T01:59:42Z

In reply to nevent1q…2prf
_________________________

All right, now with this, I'm all in!

Proton does have now Palestinian Territory (Ramallah) VPN ...

2026-02-15T01:41:52Z

Proton does have now Palestinian Territory (Ramallah) VPN servers.
P2P allowed.
And even they are, as of now, marked like full HW presence in the area - in contrast to some virtual servers using the Smart routing.

2026 and users can torrent with the ✡Hamas✡, lol.

Today I updated my Matrix server because of a fix to mitigate a ...

2026-02-14T23:55:39Z

Today I updated my Matrix server because of a fix to mitigate a signing-key compromise in Element Server Suite (ESS) by ignoring the affected key by default.
For my rooms, this means a migration, and after that everyone sees: "This room has been replaced and is no longer active."
The only quick, meaningful explanation of why this message is displayed is to be found here:

https://forum.torproject.org/t/tor-project-matrix-room-upgrades-coming-next-week/20536.

It's funny; the average user has no idea, everyone just clicking on it.

In effect, this also means old messages can't really be deleted anymore. That's only possible in the currently active room.
Also, if the room is private, users cannot migrate on their own. An admin must invite them one by one.
Manually, there is no script.

In general, I realized a few more things:
Communities are in the documentation but aren't used anymore; there are Spaces instead.
And Spaces don't have any (non-technical, user-facing) documentation on Matrix . org.
Rooms can't be migrated between Spaces and standalone rooms easily anyway.
(At least in Element, I couldn't figure it out, maybe it's client-dependent for now.)

Not to mention: the biggest hurdle is still identity (MXID) in Matrix, which is DNS-dependent. DNS is a scam, a chokepoint of rented addresses.
Resilient, DNSSEC provides nice protection against response tampering, but that's it.

@username:sub.domain.xyz. That's all. If the server where you create the account isn't hosted well, you're cooked the moment the identity is created.
Stolen, seized, or expired domains. Or just the fact that, along the DNS chain of command, there's usually a SPOF, with a single person holding the credentials.

This is something Nostr definitely handles better.

quoting
nevent1q…peda
Signal may not be perfect.

But every single time I use anything different, it remind me how clean the UI/UX is.
And I hope they won't change anything about it at all.

For example, started few months unused Matrix client, the Element:

+++ does work with VPN, alias email service, no questions asked, no phone verification

- there is left bar menu, opening one submenu, with Home and rest of whatever call it, rooms?
- this Home opening sub-menu People/Rooms/System Alers chats
- some rooms are only visible under Home, while some in left menu, idk why
- there is a division between rooms and space - can't understand difference
- Almost 3/4 of rooms have now the message: This room has been replaced and is no longer active. But why, some large upgrade?
- if I do not visit every room and migrate myself into new one, I'm basically with no info about it's dead end situation
- rooms chat are clumsy, full of info like: changed their profile picture 4 times, changed their name, and left. Umm, cool and what?
- more spam and unrelated service info, especially if there is Discord/TG/IRC<>Matrix bridge connection
- so messages look like shit: RoomBridge 'Actual message'
- hard to react on this
- hard to meaningfully search the content
- servers suck, if it fck up itself, entire room is corrupted
- moderation on this mess is almost impossible
- clients suck as well - monoculture now, Element only afaik 'usable'
- have no info what is shared where and what rules are applied to such connections
- some bridges are one way, some rooms have apparently mixed modes
- so many rooms have 'End-to-end encryption isn't enabled'
- it even can't be enabled because of: 'Enabling encryption may prevent many bots and bridges from working correctly.' (Ok, this does make sense.)
- if I leave old rooms, some remain in notifications, stuck forever and I can't get rid of them

Feels like Element won't starting for few more months on my machine yet again.

SimpleX still is quite promising.

What is the matter with Simple Taproot Channels on LND not being ...

2026-01-29T13:51:19Z

What is the matter with Simple Taproot Channels on LND not being used much? Having trouble finding a node to open one.

Also, it's impossible for me to filter out nodes by this feature or any info at all basically.

But we have some 'AI powered liquidity' here instead.

quoting
nevent1q…hs4t
idk 'AI-Powered', just why

I'd like to read (in my opinion) high quality and not much ...

2026-01-29T02:00:23Z

I'd like to read (in my opinion) high quality and not much biased critique, like this one.
And especially from someone who is an expert (unlike me) for this programming stuff.

So lets explore some Vervaekeism (had to use Kagi search as it's a novelty to me) about how getting dirty with code can reveal us that the syntax is not mere ceremony; boilerplate is meaningful.

*the part about the domestication of us humans (with the example of wood-burning stoves) really reminds me of how it took me almost 3 yrs to learn how to operate the downdraft gasification boiler that replaced the old 'just burn the pile of wood somehow'.

Not to mention that one tiny broken part in the mechanism responsible for dealing with the pressure difference between building heating and long-distance hot water pipeline for the heat distribution.
Spend 4 days with no heat and hot water in lowest temperatures this winter.

Undisclosed and thus not well understood complexity that can't be explained correctly by the AI can be hard to fix.
(Despite the manuals, years of the forum posts and entire FAQ knowledge being available basically online for AI to digest.)

And that is easier with hardware as it offers quite direct feedback, with the hot stuff, if done wrong.

quoting
naddr1qv…dafm

Some people faint at the sight of blood. I am becoming increasingly nauseous at the sight of slop. Whether it’s a visceral fear of losing the thing that I’m good at to the machines, disgust at seeing craven humans bow before their technological idols, or just the toxic buildup of sludge in my veins, I’m not sure. But I’ve had enough.

The Machine is bleeding, or maybe we are. The sum of human knowledge and culture has been scraped, ingested, and sprayed across the internet. To borrow a Vervaekeism, pay attention to the words I’m using. Words are intentional, multi-valent, the result of a mind struggling to reveal itself.

The “tokens” an LLM outputs are none of these things. Although it hijacks “language” and bends it to its uses, the LLM cannot produce words, only “content” — pure, decontextualized, decompositional liquid. In other words, “slop”.

Slopitechture

Post-industrial sludge is not a good building material. Sure, you might be able to squirt it in the joints and empty spaces to fill up space or glue surfaces together. You might even be able, with sufficient discipline, to create some kind of cellular superstructure to hold the slop in with. But slop software has as much in common with software craftsmanship as a 3D printed building has in common with architecture.

In both cases, we countenance the perversion of our discipline in the name of “efficiency”. If it reduces labor and material costs, how can we argue? While you might not want to live in a goop house yourself, at least it benefits the poor who couldn’t otherwise afford one. Stained glass, wooden beams, and brick fireplaces are relics of a time gone by. We may feel nostalgic for the past, but we must leave it behind in the name of Progress.

But do we know what we’re giving up? The gradual phasing out of wood-burning stoves means people can no longer heat their own homes. The use of industrial materials in construction means people can no longer build or repair their own houses. If I must depend on industrial inputs to keep the machine that is my home running, am I really free, or have I been “domesticated” in a new sense?

Slopware Development

Slop coding is the same kind of transition, from beauty, purpose, meaning, and elegance, to “output". It is the displacement of human skill, ingenuity, and attention to detail by the brute force volumetric deposition of gunk.

This is the tyranny of the average. Slop code is by definition, exactly as good as what a moderately competent developer can produce in his specific area of expertise. It will be far “better” in any given circumstance than code produced by novice programmers, programmers working in a different industry or language, or the non-programmer.

To that I say: wonderful. I’m not an elitist. If a shop owner, analyst, or mom can whack together custom software to solve their particular problem, great. I’ll even use it too: to work in a language or domain I’m not personally familiar with, stand up a prototype, write a quick utility.

But do we know what we’re giving up when we apply this style of programming? The proliferation of average is the sacrifice of the weird. Typescript displaces Clojure. Idiosyncratic coding styles are swallowed under a wave of monotone. Deep understanding of a problem is replaced by a rat’s nest of exponential backoff, try/catch, and convergent interfaces. Minds skim across the surface of understanding like rocks on a lake. Programming pearls are cast before swine.

If you’re a professional programmer, try to go a week without using an LLM and you’ll notice just how much you rely on it. Admit it, you don’t read documentation anymore, do you? When was the last time you actually looked at a page of search results instead of just asking Kagi Assistant or Perplexity for the answer? You mean I have to use my hands to type? That’s like a baby’s toy!

This isn’t just about the atrophy of skills through disuse, although it is that. It’s about our newfound ability to just not bother. Why bother read documentation for half an hour when the LLM already knows how to use the tool? Why bother reviewing the code, when it’s probably good enough, and can be re-generated if not. Why bother designing anything when average is good enough?

But if we don’t bother, we don’t care, and no fire hose of manure can build a house when the architect is asleep in his office.

Upslopping

Call this up-skilling if you like. Tell me all about your polecats and how if you yell at them with just the right tinge of paternal disappointment they won’t light your factory on fire or delete your hard drive. Tell me about how if I just pay Anthropic $1,000 every week (you don’t really think your “pro” subscription is still going to be there after the bubble pops, do you?) I’ll be able to do the work of ten sad, unfulfilled developers instead of only one.

I can’t help but feel that all this hype is just cope for people who like to be dominated by their own tools. LLMs are suitable to particular types of tasks, for which average and fast are unqualified endorsements. The kind of task which was already easy, but which is now easier. Pounding out reams of boilerplate with a single prompt is an exhilarating experience, but it’s still just reams of boilerplate.

When I look at the hype surrounding LLM-assisted coding, I don’t see people writing ground-breaking new products. I see clones of clones: derivative, unoriginal, average work. But the hard parts are still there. So you cloned Slack — now execute on a go-to-market strategy. We’ve always felt the draw to work on easy tasks and busywork instead of the important stuff. LLMs juice that impulse, making it almost impossible to resist. I can build 10 complex projects in a month! Who cares if no one uses them and I have no intention of marketing, supporting, or maintaining them?

And at the end of the day, nothing can replace code except for code. We seem to have all forgotten that code is not written for machines, it’s written for humans. Code is language — a medium of communication intended to be shared between people. This is why we have higher-level languages — because it’s a waste of your short life to sit staring at the screen of your hex editor.

This is the same argument AI evangelists will use in favor of LLM-generated code. The claim is that the “prompt” is a new kind of higher-level programming language which frees us from the drudgery of syntax. Anyone who thinks otherwise is a technophobic luddite.

But this just doesn’t hold up under scrutiny. Constraints are not limitations, they are affordances which focus the attention and intention of the builder. Whatever problems programming language design causes through the “foolish consistency” of “little minds”, it more than makes up for by establishing conventions that structure our thought. This is why programmers learn new languages — to learn to think in new ways.

The idea of “prompt as source code” sounds nice. But think for two seconds about this. Your compiler is a massively expensive thinking machine in a data center somewhere. Are you really going to spend $100 every time you want to update your specification so you can rebuild your app? Are you really going to tolerate the massive variability in output that will occur when the LLM one-shots your project from scratch over and over?

Even if we solve these problems (and we will, for example by asking the agent to do a comprehensive diff between the prompt and the code in order to make incremental, directed changes) a specification is still a specification — i.e., code.

It’s easy for programmers to underestimate just how much source code matters. Syntax is not mere ceremony; boilerplate is meaningful. We get so used to our coding conventions that they become invisible to us. Maybe some of this implicit information can be captured in a prompt, or replicated by an LLM. But for projects that aspire to maturity, the developer will always need a way to reach underneath the level of the conceptual to specify how as well as what. The failure of purist declarative programming is evidence enough of this.

For me at least, getting my hands dirty also helps me to think. If I don’t look at code and think about how it fits together, I’m never quite able to comprehend the problem I’m addressing, or what the proper solution is. I know that this is less of a thing for people with management or engineering experience, but I don’t think it can be fully discounted. The fact is, the farther you are from the code, the farther you are from the code.

Anyway what would it look like to bring this vision of LLM-as-compiler to fruition? Well, a new programming language, of course. But this time it’s better than before, because it’s slower, more expensive, non-deterministic, and doesn’t run on your own hardware! Sounds like a winning combination to me.

Sloponomics in One Lesson

Notice what I’m not saying. I’m not saying LLMs are useless, that they are a fad, or that I won’t use them. They are an almost ideal tool for non-experts (and all of us are non-experts in most areas). What I am saying is that their use has a cost. That there are trade-offs to technical choices. That many of these trade-offs are invisible, and only show up at scale, and over time.

It’s pretty universally agreed upon at this point that we are in the midst of an AI bubble. The disruptive model of Silicon Valley has itself been disrupted, and now every tech company on earth is in a mad dash to realize the promises of the machine mind. This means that we are in a period of growth, not consolidation. In order to gain market share, everyone is moving as quickly as possible to give away as much as possible. Think about where we will be when OpenAI, or Anthropic, or Google, or Microsoft captures a decisive share of the market and consumers lose the ability to choose between providers. Someone has to pay for all those data centers.

I don’t think LLMs are going to get prohibitively expensive, pricing out these companies’ current customers. But I do think there will be an effort to cut costs by switching work loads to cheaper models, resulting in the gradual enshittification of LLM tools along with everything else in our declining dollar economy. For those of us who hand-pick our models or run them ourselves, well, we’ll pay for what we get. For the rest, it doesn’t take much imagination to anticipate how LLM providers are going to abuse their ability to intermediate our conversations with the bots, from injecting content directly into conversations or software products, to massaging our chat histories into the highest-resolution advertising (and propaganda) profile ever witnessed.

The bigger point here though is not an economic one. It’s that whether in terms of the economy, our skills, or our culture, there’s no going back. Our decisions have consequences; the technologies we create and adopt have an effect, not just in terms of getting done the work we aim them at, but also in terms of unintended second-order consequences. People and tools exist together in a complex, ecological system. We may put our oar in to try to influence the development of this ecosystem, but the technological millieu influences us comprehensively. The technological world creates the circumstances upon which our very existence as technological man is predicated. A shift as large as the one we are undergoing now will not be inconsequential.

There are unique risks involved in this particular technological shift too. The possibilities of model collapse mean that the returns on efficiency of LLMs may be diminishing, or even reversing, as the machines are fed with their own output. The atrophy or abandonment of human skills plays into this too, because if organic activity is displaced by artificial, then the amount of new content on which LLMs can be trained is rapidly declining.

Already, StackOverflow’s traffic has declined to 10% of where it was only 5 years ago. TailwindCSS recently laid off 75% of their team because no one is finding out about their premium offering from their documentation any more. There’s a chance that we are entering a dark age of innovation in software. If LLMs are only able to regurgitate reconstituted ideas from the past, they can’t be considered a source of new ideas.

One counter-argument of course is that LLMs make it easy to learn new subjects, increasing the spread of knowledge. I think this argument is over-stated. LLMs can help someone get to basic competency quickly, but cannot replace deep study. Innovation still has to come from a deep well of experience, which is comprised not just of knowledge, but also of pain, frustration, and nights spent awake imagining possible futures.

Another counter-argument is that LLMs will allow disciplined programmers to curate their attention, directing it toward solving interesting and hard problems. This may be the case in some resource-scarce environments like start-ups, but in most cases the gains will be marginal. Chores are rarely a real excuse, and can themselves be a source of inspiration; under-performance is more often attributable to complacency, incentives, and sources of external friction like corporate bureaucracies than mere drudgery. And for the occupational “innovators” in academia, well, they’re already pursuing the cutting edge in their micro-niche with their full attention.

The Technological Slopciety

A helpful paradigm for looking at the problems of tools and technology which I’m currently obsessed with is called “conviviality”, coined by Ivan Illich in his eponymous book. Here’s how he defines the concept:

Tools foster conviviality to the extent to which they can be easily used, by anybody, as often or as seldom as desired, for the accomplishment of a purpose chosen by the user. The goal of such a tool is to serve a society “in which modern technologies serve politically interrelated individuals rather than managers”.

In other words — freedom.

At first glance, LLMs seem like an ideally convivial tool. Even I am excited for the possibility that laymen may be able to build better tools for themselves than any vendor might be able to offer. But there’s one key point in that definition that does not apply to a slop society: we cannot use LLMs as seldom as we might desire.

As work and communication become increasingly LLM-shaped, both through the direct adoption of LLM tools and through the consequent reshaping of public spaces to accommodate them, society itself will become less human-shaped, to the point at which even those of us who have carefully maintained our skills against atrophy will no longer have an outlet for them. Just as agricultural implements have been adapted for use by tractors rather than by farmers, so our information landscape will adapt for the alien mind of the machine, rather than for our wet eyeballs and trembling tympanic membranes.

This is already happening — the pull request that the TailwindCSS team rejected was for the addition of text-only documentation aimed explicitly at LLMs. How long until people simply stop writing documentation for humans entirely? Might we eventually learn how to speak the LLMs' native language, and write our documentation using that? Humans may eventually lose the ability to even read without an LLM.

The trajectory of the LLM society is decisively anti-convivial. More quickly than ever, we are reaching the point in the adoption of a new technology which Illich describes as its “negative” range:

When an enterprise grows beyond a certain point on this scale, it first frustrates the end for which it was originally designed, and then rapidly becomes a threat to society itself. These scales must be identified and the parameters of human endeavors within which human life remains viable must be explored.

This is tyranny of a kind that does not come from governments, but from technology itself. What Illich calls “radical monopoly”:

Radical monopoly exists where a major tool rules out natural competence. Radical monopoly imposes compulsory consumption and thereby restricts personal autonomy. It constitutes a special kind of social control because it is enforced by means of the imposed consumption of a standard product that only large institutions can provide.

If we have any desire for freedom and independence in an increasingly digital society, we have to find a way to protect ourselves from this radical monopoly. Self-hosting our own LLMs will not suffice, because even they will contribute to the reshaping of society and our exclusion from it.

Rage Against The Slop

In the face of a globally advancing tsunami of machine turds, I can only offer sheer bloody-minded curmudgeonliness, like someone who pays all their expenses in cash in an effort to stave off the advance of the global financial surveillance panopticon. That is the knife that we need to bring to this gunfight.

It’s impossible to be anti-LLM, just like it is impossible to be anti-tree. The existence of trees is just a fact, and so is the existence of LLMs. Instead of thinking about LLMs on their own terms — derascinated, platonic, monadic — we should instead think in terms of instances. One cannot abolish all trees, but you can certainly cut one down, or plant one.

An individual tree differs from the idea of a tree in almost every way. The idea of a tree is determined, abstract, normative. The tree in my front yard is constantly changing, is concrete, contextual. It was a rotten elm, it is now a rotting stump.

The challenge for us in the age of the LLMs is to not give ourselves up to the apparent determinism of the machine. Stop thinking about the abstract promised or dreaded future, open your eyes and look at the LLM sitting in front of you on your desk or in your hand. Is this a tree you want to water, to fertilize, to see grow? Does it need some pruning in order to bear fruit in your life? Or does it need to be cut to the ground.

Every prompt not written, every agent not installed, every token not purchased is a decision, a vote for who you want to be, and the home you want to live in. Resistance against the machine is not a simple matter of bugging out to the back country, but of creative subversion, malicious compliance, and dynamic equilibrium. It is the design and use of new tools and technologies which mediate the old ones. And it is the refusal to give up your soul to that of the machine.

🍻🏔

2026-01-26T11:11:58Z

In reply to nevent1q…kxw6
_________________________

🍻🏔

Signal may not be perfect. But every single time I use anything ...

2026-01-26T01:03:23Z

Signal may not be perfect.

But every single time I use anything different, it remind me how clean the UI/UX is.
And I hope they won't change anything about it at all.

For example, started few months unused Matrix client, the Element:

+++ does work with VPN, alias email service, no questions asked, no phone verification

- there is left bar menu, opening one submenu, with Home and rest of whatever call it, rooms?
- this Home opening sub-menu People/Rooms/System Alers chats
- some rooms are only visible under Home, while some in left menu, idk why
- there is a division between rooms and space - can't understand difference
- Almost 3/4 of rooms have now the message: This room has been replaced and is no longer active. But why, some large upgrade?
- if I do not visit every room and migrate myself into new one, I'm basically with no info about it's dead end situation
- rooms chat are clumsy, full of info like: changed their profile picture 4 times, changed their name, and left. Umm, cool and what?
- more spam and unrelated service info, especially if there is Discord/TG/IRC<>Matrix bridge connection
- so messages look like shit: RoomBridge <UserXYZ:Discord> 'Actual message'
- hard to react on this
- hard to meaningfully search the content
- servers suck, if it fck up itself, entire room is corrupted
- moderation on this mess is almost impossible
- clients suck as well - monoculture now, Element only afaik 'usable'
- have no info what is shared where and what rules are applied to such connections
- some bridges are one way, some rooms have apparently mixed modes
- so many rooms have 'End-to-end encryption isn't enabled'
- it even can't be enabled because of: 'Enabling encryption may prevent many bots and bridges from working correctly.' (Ok, this does make sense.)
- if I leave old rooms, some remain in notifications, stuck forever and I can't get rid of them

Feels like Element won't starting for few more months on my machine yet again.

SimpleX still is quite promising.

Dark (2017) - it's not easy to watch due to its complicated ...

2026-01-24T17:22:22Z

In reply to nevent1q…vw25
_________________________

Dark (2017) - it's not easy to watch due to its complicated storyline, and keeping track on the family connections is no easy task, so a pen & paper may come handy.
-
Generally, I may lose interest as have no time to binge watch and rarely can keep up with the series. So unless it's a group activity, like 'let's watch together' I'm the same.

As my consumption of sugar and caffeine dropped to basically 0 ...

2026-01-24T16:56:03Z

As my consumption of sugar and caffeine dropped to basically 0 for prolonged periods of time, it is interesting to see how even moderate sugar intake (a few hours before sleep) can change the qualities of my dreams.
Sugar-assisted dreams are:

- very vivid and colorful, feeling like almost the IPS vs OLED; until this happened to me, I had no idea it could be that different
- more unhinged content; I can almost run in the dreams or swiftly switch the place of the story to another

No nightmares, it is just different, not worse in general. Before my lifestyle changed to this, mainly no sugar/carbs diet, it did not occur to me.
I had no dreams like that despite being 'high on carbs' all the time.
Now that there is some, say, more normal baseline, the difference can be seen and compared to the normal state.

This is interesting to watch, the state of bike-sharing in Europe ...

2026-01-24T16:00:09Z

This is interesting to watch, the state of bike-sharing in Europe (mainly Nexbike, but patterns will be in general the same for the competition).

https://youtu.be/75GP4mRJP7A

The interactive map is:

https://bikesharingflowmap.de/

Most will probably not do it this way, ending as 'just a next ...

2026-01-24T15:33:49Z

In reply to nevent1q…rqsf
_________________________

Most will probably not do it this way, ending as 'just a next tab opened'.

But still biggest enemy is blasting the nsec into a nostr app because many still not allow for the bunker use.

Czech it out! #nevent1q…48hn

2026-01-23T21:33:08Z

Czech it out!

quoting
nevent1q…48hn
IYKYK

This is great, I like human readable npubs having some ...

2026-01-23T21:10:23Z

This is great, I like human readable npubs having some care'n'pow done to them.

Here is list of few different tools having same purpose (afaik all of them offline, that is IMO better option compared to the web one).

https://github.com/aljazceru/awesome-nostr?tab=readme-ov-file#vanity-pubkey-mining

From the list - Rana is nicely done (range of cli options).

quoting
nevent1q…xkc3
I spend my time way too much on building free shit. Anyway, I've had this domain for over 2yrs and finally got around to building something useful for #Nostr that afaik is now the only working miner that's online, in the browser.

https://vanitynpub.com

I think a lot about USA situation can be explained in the book ...

2026-01-23T20:29:24Z

In reply to nevent1q…ckcd
_________________________

I think a lot about USA situation can be explained in the book Shorting the Grid: The Hidden Fragility of Our Electric Grid written by Meredith Angwin.

1) The Sovereign Individual - that is more practical approach to ...

2026-01-05T18:04:39Z

In reply to nevent1q…psht
_________________________

1) The Sovereign Individual - that is more practical approach to the BTC, so it's not outside of, yet can't help myself.
(Taking into account how long they spent writing the book, preparations; this started long before the release date. That makes it more impressive.)
2) The Mosquito - Timothy C. Winegard
(Masterpiece, well written for this kind of topic, worth paying to have hard copy.)
3) How We Got Here: the 70's - David Frum
(It sums up the roots of cultural state in the USA for me, as I don't understand the culture well, and I'd like to skip relying on those who try to facilitate it for me, whoever they may be.)

Pon-Pon Pata Pon~ Pata-Pata-Pata Pon~

2026-01-05T17:38:43Z

In reply to nevent1q…q9le
_________________________

Pon-Pon Pata Pon~

Pata-Pata-Pata Pon~

After briefly reading the posts you made here, take a look at ...

2026-01-05T17:27:08Z

In reply to nevent1q…zu8r
_________________________

After briefly reading the posts you made here, take a look at this:
https://fiatjaf.com/d5031e5b.html

Yeah the BitPay. Definitely protecting my privacy and what not. ...

2026-01-05T17:11:01Z

Yeah the BitPay. Definitely protecting my privacy and what not. Because using BTCPay is just fcuking hard, right?

Used to take a bus and pay 1,- CZK per minute at the nearest game ...

2026-01-05T17:01:01Z

Used to take a bus and pay 1,- CZK per minute at the nearest game cafe just to not play games but surf the net.
(16 used to be one beer, 15 big pack of chips, 45 a pack of cigs.)
Crazy how this is now accessible everywhere (mainly LTE/Starlink/GPON FTTP really delivers).
Also, how has the tide shifted and users nowadays have dissociated themselves from the protocol in favor of platforms.
And how smooth the transition was, despite the many times the platform fails in the process of siphoning the userbase, yet users do not change their behavior.

Overall, I do believe it's OK unless I'm forced to use or participate in it.

Suita; just lol. But srsly, the combination of a shitcoin and ...

2025-12-23T21:34:54Z

Suita; just lol.
But srsly, the combination of a shitcoin and referral begging is a natural fit, so it’s no wonder after all.
#enshittification

Step 0: stop fucking begging me for spreading a referral disease. ...

2025-12-23T21:19:17Z

Step 0: stop fucking begging me for spreading a referral disease.
#enshittification

TIL that Lenovo is manufacturing a mouse (model 400) that isn’t ...

2025-12-23T21:02:04Z

TIL that Lenovo is manufacturing a mouse (model 400) that isn’t compatible with Linux. Even if the receiver is simply plugged into a USB‑C port, it blocks the boot process.
Incredible, what a shitty product.
I’ve never encountered a mouse that’s unusable right out of the box. How does something like this even make it to the retail?
#enshittification

@nprofile…ljdx for wallet address - how is the name reserved, ...

2025-12-20T20:28:18Z

Minibits (nprofile…ljdx) for wallet address - how is the name reserved, for how long? I mean what if user stop using the wallet (delete app), or decide to change the name.
The old name is with some expiration, or can it be reused by someone later on?
Or once it's created, there is no way someone can take it? (Same as with most email providers, gatekeeping the address so someone can't impersonate.)
*I suppose the custom address doesn't have different rules from the generic one.

Something not working right with njump lately (maybe this started ...

2025-12-17T21:45:55Z

Something not working right with njump lately (maybe this started after the last CF outage).

njump.me as info page is working all the time.

But with a /nevent1, a lot of request ending as:

Usually one simple refresh of the page finishing ok.

I'm not the only one so far.

fiatjaf (npub180c…h6w6)

idk 'AI-Powered', just why ...

2025-12-17T19:25:39Z

idk 'AI-Powered', just why

ironfox, it's basically only one option afaik

2025-12-16T23:50:42Z

In reply to nevent1q…6tcr
_________________________

ironfox, it's basically only one option afaik

At least Tuta does have interesting captchas ...

2025-12-16T23:46:45Z

At least Tuta does have interesting captchas

quoting
nevent1q…teqd
#rant #fcuk I needed to create an account, a semi-public one tied to another public account within legacy data silos (aka GH and alike). Which required an email address. It wasn't meant to be a super-secret anonymous or pseudonymous account, as it would be publicly exposed anyway. Decided to try Tuta to see what they offered compared to the basic ProtonMail service for this case. Not liking the Proton monopoly in the space much anyway. When created the account, Tuta put a 24-hour hold on it for manual approval.

After the time elapsed, they informed me that I had to contact them with a written email to explain what I planned to use it for.

Did that, and on the third day, the account started working. Tested by sending an email to it, and since didn't receive a bounce-back message about an unreachable mailbox, began using it for my intended purpose. A day later, after I had already created accounts with several other services using this Tuta email, the Tuta login screen showed me only a "Too many failed login attempts" error.

After waiting about an hour, a new message popped up: "Invalid login credentials."

They did it, bastards. Tuta nuked my new account, the one they manually approved, within a day of use, giving me no chance to react. God forbid they let me verify* myself with: a payment, a phone number, or another email (which I had to use anyway to migrate my accounts later on).

It was my first time using Tuta, so, not knowing how they operate, I didn't set up any recovery options besides saving the recovery code. Didn't add a phone number or a secondary email.
Maybe this could prevent some abuse detection, who knows. Imagine if the services I signed up for didn't let me easily change the email to a backup address.
What a fuck-up. Really didn't expect this kind of rug pull. (F*ck email anyway.)

*well rather validate as non bot, verify is not much a case as phone/payment/secondary mail is cheap to bypass - yet still a quite effective.

#rant #fcuk I needed to create an account, a semi-public one tied ...

2025-12-16T23:37:48Z

#rant #fcuk I needed to create an account, a semi-public one tied to another public account within legacy data silos (aka GH and alike). Which required an email address. It wasn't meant to be a super-secret anonymous or pseudonymous account, as it would be publicly exposed anyway. Decided to try Tuta to see what they offered compared to the basic ProtonMail service for this case. Not liking the Proton monopoly in the space much anyway. When created the account, Tuta put a 24-hour hold on it for manual approval.

After the time elapsed, they informed me that I had to contact them with a written email to explain what I planned to use it for.

Did that, and on the third day, the account started working. Tested by sending an email to it, and since didn't receive a bounce-back message about an unreachable mailbox, began using it for my intended purpose. A day later, after I had already created accounts with several other services using this Tuta email, the Tuta login screen showed me only a "Too many failed login attempts" error.

After waiting about an hour, a new message popped up: "Invalid login credentials."

They did it, bastards. Tuta nuked my new account, the one they manually approved, within a day of use, giving me no chance to react. God forbid they let me verify* myself with: a payment, a phone number, or another email (which I had to use anyway to migrate my accounts later on).

It was my first time using Tuta, so, not knowing how they operate, I didn't set up any recovery options besides saving the recovery code. Didn't add a phone number or a secondary email.
Maybe this could prevent some abuse detection, who knows. Imagine if the services I signed up for didn't let me easily change the email to a backup address.
What a fuck-up. Really didn't expect this kind of rug pull. (F*ck email anyway.)

*well rather validate as non bot, verify is not much a case as phone/payment/secondary mail is cheap to bypass - yet still a quite effective.

Tested with notification off. Untill Amber is back from ...

2025-12-16T21:14:16Z

In reply to nevent1q…fjt6
_________________________

Tested with notification off. Untill Amber is back from background, no action is usually confirmed. Amber is quite often missing from the list of 'Active apps'.
Don't know why, so many remain there all the time. So far not working good with this setting.
Can the relay connected notification info list be configurable, by default, to display as a single row only, matching the screenshot above?
In some future update.
The 'roll it up' doesn't remain in effect and list often reappear back in full length.

@npub1am3…xrv7 have question - can this notification be ...

2025-12-16T18:50:43Z

Amber (npub1am3…xrv7) have question - can this notification be completely avoided by switching it off (the 'Service' notification) in settings and let Amber work on background?

Or is it necessary to keep Amber somehow in working state. The list is still rolled out and it taking a lot of space in notification area.

Have unrestricted and run on background allowed for battery.

While posting a bit here, I realized that do not know one crucial ...

2025-12-15T13:27:00Z

While posting a bit here, I realized that do not know one crucial thing about Nostr.
When referring to a Nostr note, should I use the ‘nostr:nevent1’ format or the ‘note1’ format?
What is the difference, if any?
As far as I know, ‘note1’ is a shortened version of the long string.

It just happened that I have many favorite notes in the nevent1 format and completely forgot about it until looking at what I'm actually inputting into the client.
#asknostr

Adding this for more completeness. #note1tvm…xtkh

2025-12-15T13:13:27Z

In reply to nevent1q…dcjv
_________________________

Adding this for more completeness.

quoting
note1tvm…xtkh

The twentieth century gave us the peculiar institution of the checkpoint. Whether at national borders, factory gates, or building lobbies, the checkpoint performs a simple function: it separates those with papers from those without. The twenty-first century digitized this arrangement and called it the App Store.

When Apple launched the App Store in 2008, it promised a curated garden where users could download software without fear. The implicit trade was straightforward: developers would submit to identity verification, code review, and revenue sharing, and in exchange, they would gain access to hundreds of millions of customers. Google followed with the Play Store. Between them, these two corporations now control approximately 95% of mobile software distribution outside of China.

The security theater worked well enough to become invisible. Most users today cannot imagine installing software any other way. They have forgotten, if they ever knew, that for the first three decades of personal computing, people simply downloaded programs from wherever they found them. The developer's reputation was the only verification that mattered. Somehow civilization survived.

The Papers, Please

To publish an app on Apple's store, a developer must provide a government-issued photo ID, a legal name that will be publicly displayed, a verifiable phone number, and in many cases a D-U-N-S number linking them to a registered business entity. Google's requirements are slightly less onerous but follow the same pattern. Both platforms require payment through the traditional banking system.

This arrangement excludes billions of people from participating in the software economy, not as users but as creators. The unbanked cannot publish apps. Those without government papers cannot publish apps. Those living under regimes where certain kinds of software are criminalized cannot safely publish apps, because their identity is permanently linked to their work.

Consider what this means in practice. A developer in Russia who wishes to publish a VPN app must attach their legal name and identity documents to that release. As of June 2025, Russian authorities have demanded and received the removal of 113 VPN applications from Apple's App Store. The developers of these apps are now known to the Russian state. Their crime was writing software that helps people read forbidden websites.

Apple complied with these demands while simultaneously claiming commitment to human rights. The company removed independent media apps, BBC podcasts, and Radio Free Europe, all at the request of Roskomnadzor, Russia's internet censor. When confronted, Apple explained that failure to comply could mean losing the ability to operate in Russia entirely. This is true. It is also an admission that the App Store model transforms Apple into an enforcement arm of any government willing to make demands.

The False Promise of Centralized Review

The security argument for centralized app stores collapses upon examination. In 2021, a fake Trezor app appeared on the Apple App Store. Trezor makes hardware wallets for storing cryptocurrency. The fake app looked identical to the real thing: same name, same logo, same colors. Apple's review team approved it. The app remained available for nearly two weeks, during which it stole approximately $1.6 million from users who trusted that Apple's walled garden was safe.

The fake app passed review through a simple bait-and-switch. It presented itself as a "cryptography" app for encrypting files and transformed after approval into a cryptocurrency wallet. Apple had no mechanism to detect this change. The company relies on users to report fraud after they have already been victimized.

This pattern repeats across both platforms. Malicious apps slip through automated and human review. Legitimate apps get banned without explanation. The Coinbase app was removed from Apple's store for an entire year in 2013. Damus, a Nostr client, was threatened with removal because its zap feature let users send Bitcoin tips to each other, bypassing Apple's 30% cut. In August 2025, Google briefly threatened to remove all non-custodial cryptocurrency wallets from the Play Store, reversing course only after intense backlash. The message was clear: access to users can be revoked at any moment, for any reason, with no appeal.

The Satoshi Standard

The most consequential software release of the twenty-first century was published by someone who never provided a government ID, never registered a business, and never revealed their name. Satoshi Nakamoto developed Bitcoin over approximately 25 months, communicated exclusively through pseudonymous channels, and disappeared in 2011 without ever being identified.

The Bitcoin network now secures hundreds of billions of dollars in value. Its code has been scrutinized by thousands of developers. It operates continuously across the globe without any central point of failure. None of this required Satoshi to prove their legal identity to a corporation in Cupertino.

Imagine if the App Store model had existed for software distribution in 2008. Satoshi would have needed to provide a passport, link a bank account, and agree to terms of service that included the right of Apple or Google to remove Bitcoin at any time. The software that enabled permissionless money would have required permission to exist.

The Alternatives That Almost Work

Before Zapstore developers seeking escape from the App Store duopoly had limited options, each with significant compromises.

F-Droid is the oldest and most respected alternative for Android. It hosts only free and open-source software, which is admirable, but its architecture introduces a fatal flaw: F-Droid builds apps from source and signs them with its own keys. You are not trusting the original developer. You are trusting F-Droid. Every update requires trusting them again. They become a single point of failure, a trusted third party in a system that was supposed to eliminate trusted third parties.

Obtainium takes a different approach, fetching APKs directly from developers' GitHub releases. This removes one layer of trust, but Obtainium lacks signature verification. You trust that GitHub has not been compromised, that the developer's account has not been hijacked, and that the binary corresponds to the source code. These are reasonable assumptions most of the time, but they are still assumptions rather than cryptographic guarantees.

Both systems represent improvements over the Play Store monopoly. Neither solves the fundamental problem: establishing trust in a developer without requiring a central authority to vouch for them.

Zapstore: It Just Works

We have tried to publish software through the official channels. The experience is deliberately hostile. Apple requires a $99 annual fee, government ID verification, and a review process that can reject apps for arbitrary reasons with no meaningful appeal. Google's Play Store is marginally less painful but still demands identity documents and bank accounts. The process exists to filter out the uncommitted and the undocumented, which sounds like a feature until you realize it also filters out dissidents, the unbanked, and anyone who values privacy.

Zapstore was the first app store where publishing just worked. No account creation. No identity verification. No review process. No waiting. We signed our release with a Nostr key and published it to the relay network. That was it. Users who follow us or who trust people who follow us can find our app and verify that we signed it. The entire interaction took minutes, not weeks.

The technical architecture is elegant. When a developer publishes a release, they create a signed Nostr event containing app metadata, version information, and a hash of the binary. This release event points to the actual package, which can be hosted anywhere. Users downloading the app verify that the signature matches the developer's public key and that the package hash matches what was signed. No corporation in the middle. No government paperwork. Just cryptography.

What makes Zapstore genuinely social is the app event system. Users can publish recommendations for apps they use and trust. These recommendations propagate through your social graph. If three people you follow all recommend the same Bitcoin wallet, that signal is far more meaningful than a thousand five-star reviews from strangers on the Play Store. The web of trust replaces the walled garden.

The Unbanked Developer

Beyond identity requirements, existing app stores demand participation in the traditional financial system. Apple and Google take 15 to 30 percent of all sales. Developers must receive payment through bank accounts in supported countries.

This excludes an enormous portion of humanity. Over a billion adults globally remain unbanked. They cannot publish paid apps. The software economy is closed to them by design.

Zapstore enables payment through Bitcoin's Lightning Network. Developers can receive tips and payments directly from users without any intermediary taking a cut. No bank account required. No identity verification required. No geographic restrictions. In countries with capital controls or governments that freeze dissident bank accounts, the ability to receive payment pseudonymously can be the difference between financial independence and destitution.

The Road Ahead

The objection will be raised that permissionless app distribution enables malware. This is true. It also enables privacy tools in Russia, financial applications in countries with broken banking systems, and innovations that incumbent platforms would prefer to suppress. The question is not whether a system can be abused, but what trade-offs we are willing to accept.

Centralized app stores promised safety in exchange for control. They delivered control but not safety. Fake apps still proliferate. Scams still cost users millions. Meanwhile, the infrastructure of control has been weaponized by authoritarian governments to silence journalists, block privacy tools, and create permanent records linking developers to software that might someday become illegal.

The ability to publish code without permission is not a fringe concern for criminals. It is the foundation of digital freedom. Any system that requires government papers to publish software will eventually be used to suppress software that governments dislike.

The checkpoint was always the point.

This is some steak saving advice #nevent1q…yr25

2025-12-15T12:46:16Z

This is some steak saving advice

quoting
nevent1q…yr25
We’ve all had the experience of opening that steak we’ve been putting off eating, because life, to the intense stench of frustration.

Protip: In your fridge, a steak on a rack exposed to air will last much longer than in a vac bag.
You might have 5 days in a bag.
But easily 10-15 on a rack - and after that it’s probably not going bad - just drying out more than is ideal.

Many of the things that go wrong with meat happen in the absence of air. (i.e.- in the bag)
Namely rot.

The way a conventional fridge cools makes it double as a dehumidifier/dehydrator - which red meat loves.

Make sure your rack is stainless steel and not coated metal, which can rust.

Lastly, and I think this is important, you WILL know if raw red meat is not good/safe to eat.
It will be visibly off- often green-ish. It will be slimy and, most importantly, your nose will tell your brain “FUCK NO!” in a primal way. (Exceptions to this would be game meats that might have parasites.)

Slightly turning brown is normal with oxygen exposure.

Food poisoning mostly sneaks in undetectably in prepared foods that haven’t been handled properly.

This is not investment advice.

Still @nprofile…6fuz is the best and only usable solution known ...

2025-12-15T12:11:23Z

Still Amber (nprofile…6fuz) is the best and only usable solution known to me (for Android) keeping nsec usable (outside of passwd manager) yet quite safe.

And also not that hard to use for an average user.

The ongoing problem is clients not respecting the user’s choice.
For example, YakiHonne doesn’t respect the push‑notification decline and cannot let me leave the app if I do not confirm it.

Sometimes there are many requests for one event.
0xChat asked me for many confirmations for a single message iirc; I have no idea what I’m signing for, so blindly confirming them all.

quoting
nevent1q…h8x5
If you are using Android, the only place you should paste you nsec is on Amber. No other app cares about your key security as Amber does. No one.

Still haven't figured out how to choose a 'good ...

2025-12-15T11:05:10Z

Still haven't figured out how to choose a 'good relay' and what it is even.
In Amethyst, at least, there is nice description what each type of relay is good for.

Except for Citrine (nprofile…utvn) (many thanks greenart7c3 (nprofile…0k9y) ), that is by design a good relay.

quoting
nevent1q…hga6
Periodic reminder that your relays see absolutely EVERYTHING you do on Nostr. Regardless of which Client you use. They literally see the app downloading zaps, replies, and reactions when you scroll your posts in real time.

So... MAKE SURE TO KNOW WHO THEY ARE and that you TRUST THEM with that information.

Nostr is just like a browser. The server has to know what you want to see to send it to you, and that gives them the power to track you and see what you are asking for. There is no way around it.

I can't stress this enough.

@nprofile…hkts this may be interesting for you #naddr1qq…l59f

2025-12-15T10:38:03Z

In reply to naddr1qq…l59f
_________________________

M¡lan (nprofile…hkts) this may be interesting for you

quoting
naddr1qq…l59f

What follows began as snippets of conversations I have been having for years, on and off, here and there. It will likely eventually be collated into a piece I have been meaning to write on “payments” as a whole. I foolishly started writing this piece years ago, not realizing that the topic is gargantuan and for every week I spend writing it I have to add two weeks to my plan. That may or may not ever come to fruition, but in the meantime, Tether announced it was issuing on Taproot Assets and suddenly everybody is interested again. This is as good a catalyst as any to carve out my “stablecoin thesis”, such as it exists, from “payments”, and put it out there for comment and feedback.

In contrast to the “Bitcoiner take” I will shortly revert to, I invite the reader to keep the following potential counterargument in mind, which might variously be termed the “shitcoiner”, “realist”, or “cynical” take, depending on your perspective: that stablecoins have clear product-market-fit. Now, as a venture capitalist and professional thinkboi focusing on companies building on Bitcoin, I obviously think that not only is Bitcoin the best money ever invented and its monetization is pretty much inevitable, but that, furthermore, there is enormous, era-defining long-term potential for a range of industries in which Bitcoin is emerging as superior technology, even aside from its role as money. But in the interest not just of steelmanning but frankly just of honesty, I would grudgingly agree with the following assessment as of the time of writing: the applications of crypto (inclusive of Bitcoin but deliberately wider) that have found product-market-fit today, and that are not speculative bets on future development and adoption, are: Bitcoin as savings technology, mining as a means of monetizing energy production, and stablecoins.

I think there are two typical Bitcoiner objections to stablecoins of significantly greater importance than all others: that you shouldn’t be supporting dollar hegemony, and that you don’t need a blockchain. I will elaborate on each of these, and for the remainder of the post will aim to produce a synthesis of three superficially contrasting (or at least not obviously related) sources of inspiration: these objections, the realisation above that stablecoins just are useful, and some commentary on technical developments in Bitcoin and the broader space that I think inform where things are likely to go. As will become clear as the argument progresses, I actually think the outcome to which I am building up is where things have to go. I think the technical and economic incentives at play make this an inevitability rather than a “choice”, per se. Given my conclusion, which I will hold back for the time being, this is a fantastically good thing, hence I am motivated to write this post at all!

Objection 1: Dollar Hegemony

I list this objection first because there isn’t a huge amount to say about it. It is clearly a normative position, and while I more or less support it personally, I don’t think that it is material to the argument I am going on to make, so I don’t want to force it on the reader. While the case for this objection is probably obvious to this audience (isn’t the point of Bitcoin to destroy central banks, not further empower them?) I should at least offer the steelman that there is a link between this and the realist observation that stablecoins are useful. The reason they are useful is because people prefer the dollar to even shitter local fiat currencies. I don’t think it is particularly fruitful to say that they shouldn’t. They do. Facts don’t care about your feelings. There is a softer bridging argument to be made here too, to the effect that stablecoins warm up their users to the concept of digital bearer (ish) assets, even though these particular assets are significantly scammier than Bitcoin. Again, I am just floating this, not telling the reader they should or shouldn’t buy into it.

All that said, there is one argument I do want to put my own weight behind, rather than just float: stablecoin issuance is a speculative attack on the institution of fractional reserve banking. A “dollar” Alice moves from JPMorgan to Tether embodies two trade-offs from Alice’s perspective: i) a somewhat opaque profile on the credit risk of the asset: the likelihood of JPMorgan ever really defaulting on deposits vs the operator risk of Tether losing full backing and/or being wrench attacked by the Federal Government and rugging its users. These risks are real but are almost entirely political. I’m skeptical it is meaningful to quantify them, but even if it is, I am not the person to try to do it. Also, more transparently to Alice, ii) far superior payment rails (for now, more on this to follow).

However, from the perspective of the fiat banking cartel, fractional reserve leverage has been squeezed. There are just as many notional dollars in circulation, but there the backing has been shifted from levered to unlevered issuers. There are gradations of relevant objections to this: while one might say, Tether’s backing comes from Treasuries, so you are directly funding US debt issuance!, this is a bit silly in the context of what other dollars one might hold. It’s not like JPMorgan is really competing with the Treasury to sell credit into the open market. Optically they are, but this is the core of the fiat scam. Via the guarantees of the Federal Reserve System, JPMorgan can sell as much unbacked credit as it wants knowing full well the difference will be printed whenever this blows up. Short-term Treasuries are also JPMorgan’s most pristine asset safeguarding its equity, so the only real difference is that Tether only holds Treasuries without wishing more leverage into existence. The realization this all builds up to is that, by necessity,

Tether is a fully reserved bank issuing fiduciary media against the only dollar-denominated asset in existence whose value (in dollar terms) can be guaranteed. Furthermore, this media arguably has superior “moneyness” to the obvious competition in the form of US commercial bank deposits by virtue of its payment rails.

That sounds pretty great when you put it that way! Of course, the second sentence immediately leads to the second objection, and lets the argument start to pick up steam …

Objection 2: You Don’t Need a Blockchain

I don’t need to explain this to this audience but to recap as briefly as I can manage: Bitcoin’s value is entirely endogenous. Every aspect of “a blockchain” that, out of context, would be an insanely inefficient or redundant modification of a “database”, in context is geared towards the sole end of enabling the stability of this endogenous value. Historically, there have been two variations of stupidity that follow a failure to grok this: i) “utility tokens”, or blockchains with native tokens for something other than money. I would recommend anybody wanting a deeper dive on the inherent nonsense of a utility token to read Only The Strong Survive, in particular Chapter 2, Crypto Is Not Decentralized, and the subsection, Everything Fights For Liquidity, and/or Green Eggs And Ham, in particular Part II, Decentralized Finance, Technically. ii) “real world assets” or, creating tokens within a blockchain’s data structure that are not intended to have endogenous value but to act as digital quasi-bearer certificates to some or other asset of value exogenous to this system. Stablecoins are in this second category.

RWA tokens definitionally have to have issuers, meaning some entity that, in the real world, custodies or physically manages both the asset and the record-keeping scheme for the asset. “The blockchain” is at best a secondary ledger to outsource ledger updates to public infrastructure such that the issuer itself doesn’t need to bother and can just “check the ledger” whenever operationally relevant. But clearly ownership cannot be enforced in an analogous way to Bitcoin, under both technical and social considerations. Technically, Bitcoin’s endogenous value means that whoever holds the keys to some or other UTXOs functionally is the owner. Somebody else claiming to be the owner is yelling at clouds. Whereas, socially, RWA issuers enter a contract with holders (whether legally or just in terms of a common-sense interpretation of the transaction) such that ownership of the asset issued against is entirely open to dispute. That somebody can point to “ownership” of the token may or may not mean anything substantive with respect to the physical reality of control of the asset, and how the issuer feels about it all.

And so, one wonders, why use a blockchain at all? Why doesn’t the issuer just run its own database (for the sake of argument with some or other signature scheme for verifying and auditing transactions) given it has the final say over issuance and redemption anyway? I hinted at an answer above: issuing on a blockchain outsources this task to public infrastructure. This is where things get interesting. While it is technically true, given the above few paragraphs, that, you don’t need a blockchain for that, you also don’t need to not use a blockchain for that. If you want to, you can.

This is clearly the case given stablecoins exist at all and have gone this route. If one gets too angry about not needing a blockchain for that, one equally risks yelling at clouds! And, in fact, one can make an even stronger argument, more so from the end users’ perspective. These products do not exist in a vacuum but rather compete with alternatives. In the case of stablecoins, the alternative is traditional fiat money, which, as stupid as RWAs on a blockchain are, is even dumber. It actually is just a database, except it’s a database that is extremely annoying to use, basically for political reasons because the industry managing these private databases form a cartel that never needs to innovate or really give a shit about its customers at all. In many, many cases, stablecoins on blockchains are dumb in the abstract, but superior to the alternative methods of holding and transacting in dollars existing in other forms. And note, this is only from Alice’s perspective of wanting to send and receive, not a rehashing of the fractional reserve argument given above. This is the essence of their product-market-fit. Yell at clouds all you like: they just are useful given the alternative usually is not Bitcoin, it’s JPMorgan’s KYC’d-up-the-wazoo 90s-era website, more than likely from an even less solvent bank.

So where does this get us? It might seem like we are back to “product-market-fit, sorry about that” with Bitcoiners yelling about feelings while everybody else makes do with their facts. However, I think we have introduced enough material to move the argument forward by incrementally incorporating the following observations, all of which I will shortly go into in more detail: i) as a consequence of making no technical sense with respect to what blockchains are for, today’s approach won’t scale; ii) as a consequence of short-termist tradeoffs around socializing costs, today’s approach creates an extremely unhealthy and arguably unnatural market dynamic in the issuer space; iii) Taproot Assets now exist and handily address both points i) and ii), and; iv) eCash is making strides that I believe will eventually replace even Taproot Assets.

To tease where all this is going, and to get the reader excited before we dive into much more detail: just as Bitcoin will eat all monetary premia, Lightning will likely eat all settlement, meaning all payments will gravitate towards routing over Lightning regardless of the denomination of the currency at the edges. Fiat payments will gravitate to stablecoins to take advantage of this; stablecoins will gravitate to TA and then to eCash, and all of this will accelerate hyperbitcoinization by “bitcoinizing” payment rails such that an eventual full transition becomes as simple as flicking a switch as to what denomination you want to receive.

I will make two important caveats before diving in that are more easily understood in light of having laid this groundwork: I am open to the idea that it won’t be just Lightning or just Taproot Assets playing the above roles. Without veering into forecasting the entire future development of Bitcoin tech, I will highlight that all that really matters here are, respectively: a true layer 2 with native hashlocks, and a token issuance scheme that enables atomic routing over such a layer 2 (or combination of such). For the sake of argument, the reader is welcome to swap in “Ark” and “RGB” for “Lightning” and “TA” both above and in all that follows. As far as I can tell, this makes no difference to the argument and is even exciting in its own right. However, for the sake of simplicity in presentation, I will stick to “Lightning” and “TA” hereafter.

1) Today’s Approach to Stablecoins Won’t Scale

This is the easiest to tick off and again doesn’t require much explanation to this audience. Blockchains fundamentally don’t scale, which is why Bitcoin’s UTXO scheme is a far better design than ex-Bitcoin Crypto’s’ account-based models, even entirely out of context of all the above criticisms. This is because Bitcoin transactions can be batched across time and across users with combinations of modes of spending restrictions that provide strong economic guarantees of correct eventual net settlement, if not perpetual deferral. One could argue this is a decent (if abstrusely technical) definition of “scaling” that is almost entirely lacking in Crypto.

What we see in ex-Bitcoin crypto is so-called “layer 2s” that are nothing of the sort, forcing stablecoin schemes in these environments into one of two equally poor design choices if usage is ever to increase: fees go higher and higher, to the point of economic unviability (and well past it) as blocks fill up, or move to much more centralized environments that increasingly are just databases, and hence which lose the benefits of openness thought to be gleaned by outsourcing settlement to public infrastructure. This could be in the form of punting issuance to a bullshit “layer 2” that is a really a multisig “backing” a private execution environment (to be decentralized any daw now) or an entirely different blockchain that is just pretending even less not to be a database to begin with. In a nutshell, this is a decent bottom-up explanation as to why Tron has the highest settlement of Tether.

This also gives rise to the weirdness of “gas tokens” - assets whose utility as money is and only is in the form of a transaction fee to transact a different kind of money. These are not quite as stupid as a “utility token,” given at least they are clearly fulfilling a monetary role and hence their artificial scarcity can be justified. But they are frustrating from Bitcoiners’ and users’ perspectives alike: users would prefer to pay transaction fees on dollars in dollars, but they can’t because the value of Ether, Sol, Tron, or whatever, is the string and bubblegum that hold their boondoggles together. And Bitcoiners wish this stuff would just go away and stop distracting people, whereas this string and bubblegum is proving transiently useful.

All in all, today’s approach is fine so long as it isn’t being used much. It has product-market fit, sure, but in the unenviable circumstance that, if it really starts to take off, it will break, and even the original users will find it unusable.

2) Today’s Approach to Stablecoins Creates an Untenable Market Dynamic

Reviving the ethos of you don’t need a blockchain for that, notice the following subtlety: while the tokens representing stablecoins have value to users, that value is not native to the blockchain on which they are issued. Tether can (and routinely does) burn tokens on Ethereum and mint them on Tron, then burn on Tron and mint on Solana, and so on. So-called blockchains “go down” and nobody really cares. This makes no difference whatsoever to Tether’s own accounting, and arguably a positive difference to users given these actions track market demand. But it is detrimental to the blockchain being switched away from by stripping it of “TVL” that, it turns out, was only using it as rails: entirely exogenous value that leaves as quickly as it arrived.

One underdiscussed and underappreciated implication of the fact that no value is natively running through the blockchain itself is that, in the current scheme, both the sender and receiver of a stablecoin have to trust the same issuer. This creates an extremely powerful network effect that, in theory, makes the first-to-market likely to dominate and in practice has played out exactly as this theory would suggest: Tether has roughly 80% of the issuance, while roughly 19% goes to the political carve-out of USDC that wouldn’t exist at all were it not for government interference. Everybody else combined makes up the final 1%.

So, Tether is a full reserve bank but also has to be everybody’s bank. This is the source of a lot of the discomfort with Tether, and which feeds into the original objection around dollar hegemony, that there is an ill-defined but nonetheless uneasy feeling that Tether is slowly morphing into a CBDC. I would argue this really has nothing to do with Tether’s own behavior but rather is a consequence of the market dynamic inevitably created by the current stablecoin scheme. There is no reason to trust any other bank because nobody really wants a bank, they just want the rails. They want something that will retain a nominal dollar value long enough to spend it again. They don’t care what tech it runs on and they don’t even really care about the issuer except insofar as having some sense they won’t get rugged.

Notice this is not how fiat works. Banks can, of course, settle between each other, thus enabling their users to send money to customers of other banks. This settlement function is actually the entire point of central banks, less the money printing and general corruption enabled (we might say, this was the historical point of central banks, which have since become irredeemably corrupted by this power). This process is clunkier than stablecoins, as covered above, but the very possibility of settlement means there is no gigantic network effect to being the first commercial issuer of dollar balances. If it isn’t too triggering to this audience, one might suggest that the money printer also removes the residual concern that your balances might get rugged! (or, we might again say, you guarantee you don’t get rugged in the short term by guaranteeing you do get rugged in the long term).

This is a good point at which to introduce the unsettling observation that broader fintech is catching on to the benefits of stablecoins without any awareness whatsoever of all the limitations I am outlining here. With the likes of Stripe, Wise, Robinhood, and, post-Trump, even many US megabanks supposedly contemplating issuing stablecoins (obviously within the current scheme, not the scheme I am building up to proposing), we are forced to boggle our minds considering how on earth settlement is going to work. Are they going to settle through Ether? Well, no, because i) Ether isn’t money, it’s … to be honest, I don’t think anybody really knows what it is supposed to be, or if they once did they aren’t pretending anymore, but anyway, Stripe certainly hasn’t figured that out yet so, ii) it won’t be possible to issue them on layer 1s as soon as there is any meaningful volume, meaning they will have to route through “bullshit layer 2 wrapped Ether token that is really already a kind of stablecoin for Ether.”

The way they are going to try to fix this (anybody wanna bet?) is routing through DEXes, which is so painfully dumb you should be laughing and, if you aren’t, I would humbly suggest you don’t get just how dumb it is. What this amounts to is plugging the gap of Ether’s lack of moneyness (and wrapped Ether’s hilarious lack of moneyness) with … drum roll … unknowable technical and counterparty risk and unpredictable cost on top of reverting to just being a database. So, in other words, all of the costs of using a blockchain when you don’t strictly need to, and none of the benefits. Stripe is going to waste billions of dollars getting sandwich attacked out of some utterly vanilla FX settlement it is facilitating for clients who have even less of an idea what is going on and why North Korea now has all their money, and will eventually realize they should have skipped their shitcoin phase and gone straight to understanding Bitcoin instead …

3) Bitcoin (and Taproot Assets) Fixes This

To tie together a few loose ends, I only threw in the hilariously stupid suggestion of settling through wrapped Ether on Ether on Ether in order to tee up the entirely sensible suggestion of settling through Lightning. Again, not that this will be new to this audience, but while issuance schemes have been around on Bitcoin for a long time, the breakthrough of Taproot Assets is essentially the ability to atomically route through Lightning.

I will admit upfront that this presents a massive bootstrapping challenge relative to the ex-Bitcoin Crypto approach, and it’s not obvious to me if or how this will be overcome. I include this caveat to make it clear I am not suggesting this is a given. It may not be, it’s just beyond the scope of this post (or frankly my ability) to predict. This is a problem for Lightning Labs, Tether, and whoever else decides to step up to issue. But even highlighting this as an obvious and major concern invites us to consider an intriguing contrast: scaling TA stablecoins is hardest at the start and gets easier and easier thereafter. The more edge liquidity there is in TA stables, the less of a risk it is for incremental issuance; the more TA activity, the more attractive deploying liquidity is into Lightning proper, and vice versa. With apologies if this metaphor is even more confusing than it is helpful, one might conceive of the situation as being that there is massive inertia to bootstrap, but equally there could be positive feedback in driving the inertia to scale. Again, I have no idea, and it hasn’t happened yet in practice, but in theory it’s fun.

More importantly to this conversation, however, this is almost exactly the opposite dynamic to the current scheme on other blockchains, which is basically free to start, but gets more and more expensive the more people try to use it. One might say it antiscales (I don’t think that’s a real word, but if Taleb can do it, then I can do it too!).

Furthermore, the entire concept of “settling in Bitcoin” makes perfect sense both economically and technically: economically because Bitcoin is money, and technically because it can be locked in an HTLC and hence can enable atomic routing (i.e. because Lightning is a thing). This is clearly better than wrapped Eth on Eth on Eth or whatever, but, tantalisingly, is better than fiat too! The core message of the payments tome I may or may not one day write is (or will be) that fiat payments, while superficially efficient on the basis of centralized and hence costless ledger amendments, actually have a hidden cost in the form of interbank credit. Many readers will likely have heard me say this multiple times and in multiple settings but, contrary to popular belief, there is no such thing as a fiat debit. Even if styled as a debit, all fiat payments are credits and all have credit risk baked into their cost, even if that is obscured and pushed to the absolute foundational level of money printing to keep banks solvent and hence keep payment channels open.

Furthermore! this enables us to strip away the untenable market dynamic from the point above. The underappreciated and underdiscussed flip side of the drawback of the current dynamic that is effectively fixed by Taproot Assets is that there is no longer a mammoth network effect to a single issuer. Senders and receivers can trust different issuers (i.e. their own banks) because those banks can atomically settle a single payment over Lightning. This does not involve credit. It is arguably the only true debit in the world across both the relevant economic and technical criteria: it routes through money with no innate credit risk, and it does so atomically due to that money’s native properties.

Savvy readers may have picked up on a seed I planted a while back and which can now delightfully blossom:

This is what Visa was supposed to be!

Crucially, this is not what Visa is now. Visa today is pretty much the bank that is everybody’s counterparty, takes a small credit risk for the privilege, and oozes free cash flow bottlenecking global consumer payments.

But if you read both One From Many by Dee Hock (for a first person but pretty wild and extravagant take) and Electronic Value Exchange by David Stearns (for a third person, drier, but more analytical and historically contextualized take) or if you are just intimately familiar with the modern history of payments for whatever other reason, you will see that the role I just described for Lightning in an environment of unboundedly many banks issuing fiduciary media in the form of stablecoins is exactly what Dee Hock wanted to create when he envisioned Visa:

A neutral and open layer of value settlement enabling banks to create digital, interbank payment schemes for their customers at very low cost.

As it turns out, his vision was technically impossible with fiat, hence Visa, which started as a cooperative amongst member banks, was corrupted into a duopolistic for-profit rent seeker in curious parallel to the historical path of central banks …

4) eCash

To now push the argument to what I think is its inevitable conclusion, it’s worth being even more vigilant on the front of you don’t need a blockchain for that. I have argued that there is a role for a blockchain in providing a neutral settlement layer to enable true debits of stablecoins. But note this is just a fancy and/or stupid way of saying that Bitcoin is both the best money and is programmable, which we all knew anyway. The final step is realizing that, while TA is nice in terms of providing a kind of “on ramp” for global payments infrastructure as a whole to reorient around Lightning, there is some path dependence here in assuming (almost certainly correctly) that the familiarity of stablecoins as “RWA tokens on a blockchain” will be an important part of the lure.

But once that transition is complete, or is well on its way to being irreversible, we may as well come full circle and cut out tokens altogether. Again, you really don’t need a blockchain for that, and the residual appeal of better rails has been taken care of with the above massive detour through what I deem to be the inevitability of Lightning as a settlement layer. Just as USDT on Tron arguably has better moneyness than a JPMorgan balance, so a “stablecoin” as eCash has better moneyness than as a TA given it is cheaper, more private, and has more relevantly bearer properties (in other words, because it is cash). The technical detail that it can be hashlocked is really all you need to tie this all together. That means it can be atomically locked into a Lightning routed debit to the recipient of a different issuer (or “mint” in eCash lingo, but note this means the same thing as what we have been calling fully reserved banks). And the economic incentive is pretty compelling too because, for all their benefits, there is still a cost to TAs given they are issued onchain and they require asset-specific liquidity to route on Lightning. Once the rest of the tech is in place, why bother? Keep your Lightning connectivity and just become a mint.

What you get at that point is dramatically superior private database to JPMorgan with the dramatically superior public rails of Lightning. There is nothing left to desire from “a blockchain” besides what Bitcoin is fundamentally for in the first place: counterparty-risk-free value settlement.

And as a final point with a curious and pleasing echo to Dee Hock at Visa, Calle has made the point repeatedly that David Chaum’s vision for eCash, while deeply philosophical besides the technical details, was actually pretty much impossible to operate on fiat. From an eCash perspective, fiat stablecoins within the above infrastructure setup are a dramatic improvement on anything previously possible. But, of course, they are a slippery slope to Bitcoin regardless …

Objections Revisited

As a cherry on top, I think the objections I highlighted at the outset are now readily addressed – to the extent the reader believes what I am suggesting is more or less a technical and economic inevitability, that is. While, sure, I’m not particularly keen on giving the Treasury more avenues to sell its welfare-warfare shitcoin, on balance the likely development I’ve outlined is an enormous net positive: it’s going to sell these anyway so I prefer a strong economic incentive to steadily transition not only to Lightning as payment rails but eCash as fiduciary media, and to use “fintech” as a carrot to induce a slow motion bank run.

As alluded to above, once all this is in place, the final step to a Bitcoin standard becomes as simple as an individual’s decision to want Bitcoin instead of fiat. On reflection, this is arguably the easiest part! It's setting up all the tech that puts people off, so trojan-horsing them with “faster, cheaper payment rails” seems like a genius long-term strategy.

And as to “needing a blockchain” (or not), I hope that is entirely wrapped up at this point. The only blockchain you need is Bitcoin, but to the extent people are still confused by this (which I think will take decades more to fully unwind), we may as well lean into dazzling them with whatever innovation buzzwords and decentralization theatre they were going to fall for anyway before realizing they wanted Bitcoin all along.

Conclusion

Stablecoins are useful whether you like it or not. They are stupid in the abstract but it turns out fiat is even stupider, on inspection. But you don’t need a blockchain, and using one as decentralization theatre creates technical debt that is insurmountable in the long run. Blockchain-based stablecoins are doomed to a utility inversely proportional to their usage, and just to rub it in, their ill-conceived design practically creates a commercial dynamic that mandates there only ever be a single issuer.

Given they are useful, it seems natural that this tension is going to blow up at some point. It also seems worthwhile observing that Taproot Asset stablecoins have almost the inverse problem and opposite commercial dynamic: they will be most expensive to use at the outset but get cheaper and cheaper as their usage grows. Also, there is no incentive towards a monopoly issuer but rather towards as many as are willing to try to operate well and provide value to their users.

As such, we can expect any sizable growth in stablecoins to migrate to TA out of technical and economic necessity. Once this has happened - or possibly while it is happening but is clearly not going to stop - we may as well strip out the TA component and just use eCash because you really don’t need a blockchain for that at all. And once all the money is on eCash, deciding you want to denominate it in Bitcoin is the simplest on-ramp to hyperbitcoinization you can possibly imagine, given we’ve spent the previous decade or two rebuilding all payments tech around Lightning.

Or: Bitcoin fixes this. The End.

Allen, #892,125

thanks to Marco Argentieri, Lyn Alden, and Calle for comments and feedback

How does that change in the meantime?

2025-12-15T09:44:50Z

In reply to nevent1q…quxp
_________________________

How does that change in the meantime?

This guide still holds great. Surprised how not many users (even ...

2025-12-15T09:20:22Z

In reply to naddr1qq…zhgq
_________________________

This guide still holds great.
Surprised how not many users (even the technically knowledgeable base of nostr) taking advantage of having npub personalized a bit.
Possibly because it's not just a common knowledge.
Or maybe, as NOSTR clients tend to shorten the npub, it's mainly hidden a lot.
Would be great if npub1 part is ommited entirely as it doesn't carrying any meaningful info from my perspective.
(This tool allowing the few last characters to be the part of the pattern, so this solves the problem a bit.)

quoting
naddr1qq…zhgq

Tldr

Your Nostr identity may be the first ID you every own

You can create one that easier to backup using a 12-word mnemonic, and

You can create one that has a bit of branding to it, called a “vanity npub”

Many tools exist which you can use

I tried a few and settled on Rana by Negrunch

Now I am npub1r0d8...

The first ID you’ll ever own

The first step in setting up a Nostr profile is to get your keys. These keys are your identity. For almost everyone, this is the first ID you’ll have that you truly own. That is, this ID is yours because you say it is. That’s different from almost every other ID, which was issued to you by someone else, and is yours because they say it is.

Not only is it yours. It’s portable. You can use this ID to be yourself in any app that supports Nostr.

Consider the legacy internet—every app requires a separate account. That’s a separate login and password to remember. And worse than that, it’s a separate set of content you have to generate, and a separate following you have to create. Every time a new platform launches, you need to encourage your followers to join you on the new platform. At any time, any platform can deplatform you. If they do, you lose your content and your following, with no recourse.

On Nostr, it’s different. All your content and all your following is linked to your identity, and you take it with you everywhere. You build your content once, and it appears with you everywhere. You build one following once, and they follow you everywhere. If a platform deplatforms you, you don’t lose your following or content, you just take it all to another platform.

This may be the first ID you ever own, and if Nostr keeps on growing, it may be the last ID you’ll ever need.

Getting branded with a “vanity” npub

Every nostr user has an identity like this, and every user can be found and known by their public key, their “npub” or “pubkey”. By default, most people go by a pubkey that is completely random, like npub1asdfgh….

My view is, if you’re going to create your first-ever ID that is truly yours, you might as well make it special. It’s possible to create a pubkey that has a bit of branding to it.

The technical name for these is a “vanity npub”. You could call it a branded npub.

There are some good examples:

Snowden at npub1sn0wden...

Negrunch at npub1qqqqqqq...

These pubkeys have specific characters at the start (or at the end). It is better branding. It’s also helpful for defeating spammers who might choose to imitate you, as only you have the vanity npub.

Keys are generated at random. To get one with your specific branding on it, you need to set up your computer to generate keys at random until it finds one that suits your needs. Once set up your computer will generate keys by the millions–checking and discarding each one until it creates the one with your characters.

The more characters you want, the longer this process will take.

Nostrogen provides a helpful table for that:

1 character = usually less than a 0.1 seconds

2 characters = usually less than a 1 second

3 characters = usually less than a 30 seconds

4 characters = usually less than a 10 minutes

5 characters = usually less than a 1 hour

6+ characters = keep fire extinguisher handy

The good news is, for your npub to have nice branding, you don’t need a lot of characters.

For myself I only needed four “r0d8”.

Getting a mnemonic, for backup, and for lightning

Once you have your ID, you will want to use it different places and back it up securely. The problem with writing down your ID as an nsec is that it’s long and complicated to write, and too easy to misread and enter the wrong characters when you type it back into your device.

A better alternative exists. You can generate a 12-word mnemonic, and then use that to derive your nsec (documented in NIP-06). The mnemonic is much easier to read, easier to type into new apps, and easier to backup correctly.

If you generate your keys directly as npub and nsec you can never go “backward” to generate a mnemonic. But if you generate a mnemonic first, you can always generate an npub and nsec from it. Furthermore if you generate a mnemonic, you can (optionally) use that same mnemonic to generate your lightning wallet for making payments with.

For these reasons, my view is that using an identity with a mnemonic is best.

Once we have our 12-word mnemonic, we generate our keys (npub and nsec), and we’re ready to use anything in the Nostr ecosystem.

Where the app supports mnemonics you can use that

For everywhere else you can use your nsec

In either case you’ll be recognised everywhere you go by your vanity npub

How to mine a 12-word mnemonic with a branded vanity npub

You’ll need an application for mining. There are very many to choose from, which you can see on this awesome Nostr list by Aljaz

Some work in your web browser, like nostr.rest. Many others you can find on github and install. I tried many including nostr-pubminer, and nostr_vanity_npub, before settling on Rana.

To run these requires basic command line knowledge. I didn’t have that, so I fed the GitHub readme page to ChatGPT, and it walked me through getting everything set up.

Failing many times

Here’s what I did wrong so you don’t have to make the same mistakes.

You can only use bech32 characters in your npub, and may not be every character you want! The allowed character set is only 023456789acdefghjklmnpqrstuvwxyz. Importantly for me there is no “o” “b” or “i” which makes it impossible to generate “rod” or “bishop”! Only “r0d” and “8lsh0p” are possible.

Not every vanity npub miner tell you if you’re using valid characters. Nostr.rest and nostr-pubminer happily sat for hours using my CPU to look for a key that started with “rod” and failed to find one, as they must, because “rod” is not possible (only ”r0d” is possible).

Some miners will ask you “how many threads” would you like to use. It’s a question that relates to how much processor power you want to spend on the task. I didn't know the "correct" answer but found it didn’t matter at all what number I entered.

Some miners will generate npubs just fine, but can not generate the mnemonic. For my needs I needed one that could do both.

Success with Rana

In the end I succeed using Rana by Negrunch

You can find Rana here on Github with a very helpful readme.

In short the process is:

Install Rust (the programming language) and install Rana (the mining application)

Run a command to generate your npub.

For me that command was: “cargo run —release — -n=r0d8 -g 12”

That command breaks down as:

“cargo run” telling Rust to run the application

“-n=r0d8” look for an npub with a prefix of “r0d8”, and

“-g 12” including a 12 word mnemonic

And the outcome is:

A 12 word mnemonic

Private and public keys derived from that mnemonic

My branded vanity npub starting with npub1r0d8...

In summary

The first step in setting up a Nostr profile is to get your identity.

While it’s easy to get an identity made with random keys, if we think our Nostr IDs are going to mean something important in the future, then we may as well set ourselves up with keys that are easy to use, and branded.

That means

12-word mnemonic backups (feature NIP-06)

Branded vanity npub

The mnemonic is easier to backup and also can be used to create a lightning wallet. The branding helps people know your npub is really you

To do this

You need an application for mining a vanity npub

There are many, and I had success with Rana which provided both the mnemonic and the vanity prefix, in one command line instruction.

Next

Please let me know if this kind of post is helpful or anything you’d like me to improve or expand upon!

For my next post I’ll show how to set up a self-custody lightning wallet to make payments on Nostr with Phoenixd and Albyhub

There is this https://delete.nostr.com/. Works perfectly; the ...

2025-12-12T23:49:52Z

There is this https://delete.nostr.com/.

Works perfectly; the notes are deleted.

But the likes, boost, zaps, and alike are still present in the network.

Is there a way to broadcast the kind 5 for them as well?

#asknostr

Hi, @npub1syj…f6wl - I also would like to explore my bookmarks ...

2025-12-12T23:01:17Z

In reply to nevent1q…dlva
_________________________

Hi, Cody (npub1syj…f6wl) - I also would like to explore my bookmarks outside of Android client.

Jumble does have bookmark section, which is great.

But can't find info on whether this is done publicly or the encrypted (NIP-04) way.?

Prefer the latter.

(Amethyst is asking me how I would like to store them. Jumble did not do that, so I assume it's the public tag.)

Can also see the messages in Amethyst, for example. So 0xchat is ...

2025-12-11T18:05:50Z

In reply to nevent1q…hrek
_________________________

Can also see the messages in Amethyst, for example.

So 0xchat is a specialized client mainly for DMs, but the metadata is still public (who is messaging whom and when).

So basically, if I do not switch to XChat, 0xchat (DMs in general) have these disadvantages from a privacy perspective?

I only remember from the early days of nostr to not use the DMs at all.

What is the current state? If I may ask.

OK, this: #note1fk2…xhf5 giving me the answer. We have ...

2025-12-11T17:02:55Z

In reply to nevent1q…v393
_________________________

OK, this:

quoting
note1fk2…xhf5

Hey 0xchat (nprofile…gxal),

Can you please explain the difference between these two apps?

Thank you very much. 🙂

giving me the answer.

We have different clients installed and they are not compatible. I installed 'actual' 0xchat alongside XChat, and now I see the messages.

It is so confusing tbh.

Installed @nprofile…wcse. Someone with whom I would like to ...

2025-12-11T16:47:50Z

Installed 0xchat (nprofile…wcse).
Someone with whom I would like to connect also uses this client.
We both have relay.0xchat.com as DM Inbox
Yet I'm getting only this:

and followed by this:

When the QR code generated in the next step, 'Invite Friends,' is shared with the other party and scanned, the attempt times out.
What we are doing wrong?

Installed the tlp because I wanted a battery management but later ...

2025-12-11T10:49:01Z

Installed the tlp because I wanted a battery management but later found out it didn't support my HW.

Sadly the tlp uninstall(?) in the process the power-profiles-daemon.
At least in my case I had to install it clean to have the power menu back again. Simply systemctl enable the service nowhere to be found.

C'mon, why.

Interesting, if I understand this correctly: 1) the trade-off is ...

2025-12-11T00:42:49Z

Interesting, if I understand this correctly:

1) the trade-off is basically about how much time to allocate. Balancing the potential leak damage (timespan) versus nsec access frequency (how often to create epoch keys).

2) this basically gives me (or the nostr client) a temporary key to protect instead of using the nsec for each event.

Have other solutions been proposed? If so, why weren't they implemented?

(https://untraceabledigitaldissident.com/nostr-cold-root-epoch-key-rotation/)

quoting
nevent1q…nff7
Cold Root Identity v0.1.0

Cold Root Identity is a simple model for survivable Nostr identities. No protocol changes, no new relay behavior, and no delegation logic.

The idea is straightforward:

- A root key stays offline as the authority

- Epoch keys are derived deterministically for actual daily use

- A signed lineage event proves each new epoch key is legitimate

- Clients treat the newest valid epoch as the user’s active identity

- Old posts stay under old keys; new posts use the fresh one

This gives users safe key rotation without burning their entire account. A compromise only affects a single window instead of the whole identity.

The Python reference implementation, test vectors, and spec are here:

https://github.com/GHOST-UntraceableDigitalDissident/cold-root-identity

If you’re a client dev, this is everything needed to implement rotation cleanly today.

Have private bookmarks (in Amethyst) and would like to transfer ...

2025-12-10T22:11:24Z

Have private bookmarks (in Amethyst) and would like to transfer them all into another account (under a new nsec) because they are a nice collection I don’t want to lose easy access to.

Switching the account is a hassle.
Is there an automated way to do this?
Presumably not; I didn’t find an easy way.

So is there some CLI tool I could use?

#asknostr

Every time I have to do something IT‑related for family and ...

2025-12-10T01:26:43Z

Every time I have to do something IT‑related for family and friends, it’s a truly grounding experience.

You can see, remind yourself, the countless reasons why everything feel so smooth (UI), integrated (SSO), closed (AAA), and direct (curated feed), almost hiccup free (NFC payments).

Defaults are powerful and hard to uproot later on.

quoting
nevent1q…j4yt
I personally handle the vast majority of the ZEUS (npub1xnf…lpr5) support tickets. It is humbling and helps with direction and project prioritization. I don’t think I’ll ever detach myself from it too much.

note1uda…3tuk

Interesting to see on Coracle it's displayed all good but on ...

2025-12-08T02:20:16Z

In reply to nevent1q…dcjv
_________________________

Interesting to see on Coracle it's displayed all good but on Amethyst there is part 3 doubled, on first and last place. Weird.

Still my fav way how to nostr: #naddr1qq…gncf #naddr1qq…yj6q ...

2025-12-08T00:50:17Z

In reply to naddr1qq…dyv4
_________________________

Still my fav way how to nostr:

quoting
naddr1qq…gncf

A few months ago, a nostrich was switching from iOS to Android and asked for suggestions for #Nostr apps to try out. Derek Ross (npub18am…p424) offered the following as his response:

nevent1q…rl0z

Yes. #Android users are fortunate to have some powerful Nostr apps and tools at our disposal that simply have no comparison over on the iOS side. However, a tool is only as good as the knowledge of the user, who must have an understanding of how best to wield it for maximum effect. This fact was immediately evidenced by replies to Derek asking, "What is the use case for Citrine?" and "This is the first time I'm hearing about Citrine and Pokey. Can you give me links for those?"

Well, consider this tutorial your Nostr starter-kit for Android. We'll go over installing and setting up Amber, Amethyst, Citrine, and Pokey, and as a bonus we'll be throwing in the Zapstore and Coinos to boot. We will assume no previous experience with any of the above, so if you already know all about one or more of these apps, you can feel free to skip that tutorial.

So many apps...

You may be wondering, "Why do I need so many apps to use Nostr?" That's perfectly valid, and the honest answer is, you don't. You can absolutely just install a Nostr client from the Play Store, have it generate your Nostr identity for you, and stick with the default relays already set up in that app. You don't even need to connect a wallet, if you don't want to. However, you won't experience all that Nostr has to offer if that is as far as you go, any more than you would experience all that Italian cuisine has to offer if you only ever try spaghetti.

Nostr is not just one app that does one thing, like Facebook, Twitter, or TikTok. It is an entire ecosystem of applications that are all built on top of a protocol that allows them to be interoperable. This set of tools will help you make the most out of that interoperability, which you will never get from any of the big-tech social platforms. It will provide a solid foundation for you to build upon as you explore more and more of what Nostr has to offer.

So what do these apps do?

Fundamental to everything you do on Nostr is the need to cryptographically sign with your private key. If you aren't sure what that means, just imagine that you had to enter your password every time you hit the "like" button on Facebook, or every time you commented on the latest dank meme. That would get old really fast, right? That's effectively what Nostr requires, but on steroids.

To keep this from being something you manually have to do every 5 seconds when you post a note, react to someone else's note, or add a comment, Nostr apps can store your private key and use it to sign behind the scenes for you. This is very convenient, but it means you are trusting that app to not do anything with your private key that you don't want it to. You are also trusting it to not leak your private key, because anyone who gets their hands on it will be able to post as you, see your private messages, and effectively be you on Nostr. The more apps you give your private key to, the greater your risk that it will eventually be compromised.

Enter #Amber, an application that will store your private key in only one app, and all other compatible Nostr apps can communicate with it to request a signature, without giving any of those other apps access to your private key.

Most Nostr apps for Android now support logging in and signing with Amber, and you can even use it to log into apps on other devices, such as some of the web apps you use on your PC. It's an incredible tool given to us by greenart7c3 (npub1w4u…0jr5), and only available for Android users. Those on iPhone are incredibly jealous that they don't have anything comparable, yet.

Speaking of greenart7c3 (npub1w4u…0jr5), the next app is also one of his making.

All Nostr data is stored on relays, which are very simple servers that Nostr apps read notes from and write notes to. In most forms of social media, it can be a pain to get your own data out to keep a backup. That's not the case on Nostr. Anyone can run their own relay, either for the sake of backing up their personal notes, or for others to post their notes to, as well.

Since Nostr notes take up very little space, you can actually run a relay on your phone. I have been on Nostr for almost 2 and a half years, and I have 25,000+ notes of various kinds on my relay, and a backup of that full database is just 24MB on my phone's storage.

Having that backup can save your bacon if you try out a new Nostr client and it doesn't find your existing follow list for some reason, so it writes a new one and you suddenly lose all of the people you were following. Just pop into your #Citrine relay, confirm it still has your correct follow list or import it from a recent backup, then have Citrine restore it. Done.

Additionally, there are things you may want to only save to a relay you control, such as draft messages that you aren't ready to post publicly, or eCash tokens, which can actually be saved to Nostr relays now. Citrine can also be used with Amber for signing into certain Nostr applications that use a relay to communicate with Amber.

If you are really adventurous, you can also expose Citrine over Tor to be used as an outbox relay, or used for peer-to-peer private messaging, but that is far more involved than the scope of this tutorial series.

You can't get far in Nostr without a solid and reliable client to interact with. #Amethyst is the client we will be using for this tutorial because there simply isn't another Android client that comes close, so far. Moreover, it can be a great client for new users to get started on, and yet it has a ton of features for power-users to take advantage of as well.

There are plenty of other good clients to check out over time, such as Coracle, YakiHonne, Voyage, Olas, Flotilla and others, but I keep coming back to Amethyst, and by the time you finish this tutorial, I think you'll see why. VitorPamplona (npub1gcx…nj5z) and others who have contributed to Amethyst have really built something special in this client, and it just keeps improving with every update that's shipped.

Most social media apps have some form of push notifications, and some Nostr apps do, too. Where the issue comes in is that Nostr apps are all interoperable. If you have more than one application, you're going to have both of them notifying you. Nostr users are known for having five or more Nostr apps that they use regularly. If all of them had notifications turned on, it would be a nightmare. So maybe you limit it to only one of your Nostr apps having notifications turned on, but then you are pretty well locked-in to opening that particular app when you tap on the notification.

#Pokey, by KoalaSat (npub1v3t…yvjh), solves this issue, allowing you to turn notifications off for all of your Nostr apps, and have Pokey handle them all for you. Then, when you tap on a Pokey notification, you can choose which Nostr app to open it in.

Pokey also gives you control over the types of things you want to be notified about. Maybe you don't care about reactions, and you just want to know about zaps, comments, and direct messages. Pokey has you covered. It even supports multiple accounts, so you can get notifications for all the npubs you control.

One of the most unique and incredibly fun aspects of Nostr is the ability to send and receive #zaps. Instead of merely giving someone a 👍️ when you like something they said, you can actually send them real value in the form of sats, small portions of a Bitcoin. There is nothing quite like the experience of receiving your first zap and realizing that someone valued what you said enough to send you a small amount (and sometimes not so small) of #Bitcoin, the best money mankind has ever known.

To be able to have that experience, though, you are going to need a wallet that can send and receive zaps, and preferably one that is easy to connect to Nostr applications. My current preference for that is Alby Hub, but not everyone wants to deal with all that comes along with running a #Lightning node. That being the case, I have opted to use OVO (npub1h2q…w8ch) for this tutorial, because they offer one of the easiest wallets to set up, and it connects to most Nostr apps by just copy/pasting a connection string from the settings in the wallet into the settings in your Nostr app of choice.

Additionally, even though #Coinos is a custodial wallet, you can have it automatically transfer any #sats over a specified threshold to a separate wallet, allowing you to mitigate the custodial risk without needing to keep an eye on your balance and make the transfer manually.

Most of us on Android are used to getting all of our mobile apps from one souce: the Google Play Store. That's not possible for this tutorial series. Only one of the apps mentioned above is available in Google's permissioned playground. However, on Android we have the advantage of being able to install whatever we want on our device, just by popping into our settings and flipping a toggle. Indeed, thumbing our noses at big-tech is at the heart of the Nostr ethos, so why would we make ourselves beholden to Google for installing Nostr apps?

The Zapstore (npub10r8…t2p8) is an alternative app store made by franzap (npub1wf4…dgh9) as a resource for all sorts of open-source apps, but especially Nostr apps. What is more, you can log in with Amber, connect a wallet like Coinos, and support the developers of your favorite Nostr apps directly within the #Zapstore by zapping their app releases.

One of the biggest features of the Zapstore is the fact that developers can cryptographically sign their app releases using their Nostr keys, so you know that the app you are downloading is the one they actually released and hasn't been altered in any way. The Zapstore will warn you and won't let you install the app if the signature is invalid.

Getting Started

Since the Zapstore will be the source we use for installing most of the other apps mentioned, we will start with installing the Zapstore.

We will then use the Zapstore to install Amber and set it up with our Nostr account, either by creating a new private key, or by importing one we already have. We'll also use it to log into the Zapstore.

Next, we will install Amethyst from the Zapstore and log into it via Amber.

After this, we will install Citrine from the Zapstore and add it as a local relay on Amethyst.

Because we want to be able to send and receive zaps, we will set up a wallet with CoinOS and connect it to Amethyst and the Zapstore using Nostr Wallet Connect.

Finally, we will install Pokey using the Zapstore, log into it using Amber, and set up the notifications we want to receive.

By the time you are done with this series, you will have a great head-start on your Nostr journey compared to muddling through it all on your own. Moreover, you will have developed a familiarity with how things generally work on Nostr that can be applied to other apps you try out in the future.

Continue to Part 2: The Zapstore. Nostr Link: naddr1qv…y5au

quoting
naddr1qq…yj6q

In this second installment of The Android Elite Setup tutorial series, we will cover installing the Zapstore (npub10r8…t2p8) on your #Android device and browsing for apps you may be interested in trying out.

Since the #Zapstore is a direct competitor to the Google Play Store, you're not going to be able to find and install it from there like you may be used to with other apps. Instead, you will need to install it directly from the developer's GitHub page. This is not a complicated process, but it is outside the normal flow of searching on the Play Store, tapping install, and you're done.

Installation

From any web browser on your Android phone, navigate to the Zapstore GitHub Releases page and the most recent version will be listed at the top of the page. The .apk file for you to download and install will be listed in the "Assets."

Tap the .apk to download it, and you should get a notification when the download has completed, with a prompt to open the file.

You will likely be presented with a prompt warning you that your phone currently isn't allowed to install applications from "unknown sources." Anywhere other than the Play Store is considered an "unknown source" by default. However, you can manually allow installation from unknown sources in the settings, which the prompt gives you the option to do.

In the settings page that opens, toggle it to allow installation from this source, and you should be prompted to install the application. If you aren't, simply go to your web browser's downloads and tap on the .apk file again, or go into your file browser app and you should find the .apk in your Downloads folder.

If the application doesn't open automatically after install, you will find it in your app drawer.

Home Page

Right at the top of the home page in the Zapstore is the search bar. You can use it to find a specific app you know is available in the Zapstore.

There are quite a lot of open source apps available, and more being added all the time. Most are added by the Zapstore developer, franzap (npub1wf4…dgh9), but some are added by the app developers themselves, especially Nostr apps. All of the applications we will be installing through the Zapstore have been added by their developers and are cryptographically signed, so you know that what you download is what the developer actually released.

The next section is for app discovery. There are curated app collections to peruse for ideas about what you may want to install. As you can see, all of the other apps we will be installing are listed in franzap (npub1wf4…dgh9)'s "Nostr" collection.

In future releases of the Zapstore, users will be able to create their own app collections.

The last section of the home page is a chronological list of the latest releases. This includes both new apps added to the Zapstore and recently updated apps. The list of recent releases on its own can be a great resource for discovering apps you may not have heard of before.

Installed Apps

The next page of the app, accessed by the icon in the bottom-center of the screen that looks like a clock with an arrow circling it, shows all apps you have installed that are available in the Zapstore. It's also where you will find apps you have previously installed that are ready to be updated. This page is pretty sparse on my test profile, since I only have the Zapstore itself installed, so here is a look at it on my main profile:

The "Disabled Apps" at the top are usually applications that were installed via the Play Store or some other means, but are also available in the Zapstore. You may be surprised to see that some of the apps you already have installed on your device are also available on the Zapstore. However, to manage their updates though the Zapstore, you would need to uninstall the app and reinstall it from the Zapstore instead. I only recommend doing this for applications that are added to the Zapstore by their developers, or you may encounter a significant delay between a new update being released for the app and when that update is available on the Zapstore.

Tap on one of your apps in the list to see whether the app is added by the developer, or by the Zapstore. This takes you to the application's page, and you may see a warning at the top if the app was not installed through the Zapstore.

Scroll down the page a bit and you will see who signed the release that is available on the Zapstore.

In the case of Primal, even though the developer is on Nostr, they are not signing their own releases to the Zapstore yet. This means there will likely be a delay between Primal releasing an update and that update being available on the Zapstore.

Settings

The last page of the app is the settings page, found by tapping the cog at the bottom right.

Here you can send the Zapstore developer feedback directly (if you are logged in), connect a Lightning wallet using Nostr Wallet Connect, delete your local cache, and view some system information.

We will be adding a connection to our OVO (npub1h2q…w8ch) wallet in part 5 of this tutorial series.

For the time being, we are all set with the Zapstore and ready for the next stage of our journey.

Continue to Part 3: Amber Signer. Nostr link: naddr1qq…0nug

quoting
naddr1qq…dyv4

Your identity is important to you, right? While impersonation can be seen in some senses as a form of flattery, we all would prefer to be the only person capable of representing ourselves online, unless we intentionally delegate that privilege to someone else and maintain the ability to revoke it.

#Amber does all of that for you in the context of #Nostr. It minimizes the possibility of your private key being compromized by acting as the only app with access to it, while all other Nostr apps send requests to Amber when they need something signed. This even allows you to give someone temporary authority to post as you without giving them your private key, and you retain the authority to revoke their permissions at any time.

greenart7c3 (npub1w4u…0jr5) has provided Android users with an incredibly powerful tool in Amber, and he continues to improve its functionality and ease of use. Indeed, there is not currently a comparative app available for iOS users. For the time being, this superpower is exclusive to Android.

Installation

Open up the Zapstore app that you installed in the previous stage of this tutorial series.

Very likely, Amber will be listed in the app collection section of the home page. If it is not, just search for "Amber" in the search bar.

Opening the app's page in the Zapstore shows that the release is signed by the developer. You can also see who has added this app to one of their collections and who has supported this app with sats by zapping the release.

Tap "Install" and you will be prompted to confirm you are sure you want to install Amber.

Helpfully, you are informed that several other users follow this developer on Nostr. If you have been on Nostr a while, you will likely recognize these gentlemen as other Nostr developers, one of them being the original creator of the protocol.

You can choose to never have Zapstore ask for confirmation again with apps developed by greenart7c3 (npub1w4u…0jr5), and since we have another of his apps to install later in this tutorial series, I recommend you toggle this on. Then tap on "Trust greenart7c3 and install app."

Just like when you installed the Zapstore from their GitHub, you will be prompted to allow the Zapstore to install apps, since Android considers it an "unknown source."

Once you toggle this on and use the back button to get back to the Zapstore, Amber will begin downloading and then present a prompt to install the app. Once installed, you will see a prompt that installation was a success and you can now open the app.

From here, how you proceed will depend on whether you need to set up a new Nostr identity or use Amber with an existing private key you already have set up. The next section will cover setting up a new Nostr identity with Amber. Skip to the section titled "Existing Nostrich" if you already have an nsec that you would like to use with Amber.

New Nostrich

Upon opening the application, you will be presented with the option to use an existing private key or create a new Nostr account. Nostr doesn't really have "accounts" in the traditional sense of the term. Accounts are a relic of permissioned systems. What you have on Nostr are keys, but Amber uses the "account" term because it is a more familiar concept, though it is technically inaccurate.

Choose "Create a new Nostr account" and you will be presented with a screen telling you that your Nostr account is ready. Yes, it was really that easy. No email, no real name, no date of birth, and no annoying capcha. Just "Create a new account" and you're done.

The app presents you with your public key. This is like an address that can be used to find your posts on Nostr. It is 100% unique to you, and no one else can post a note that lists this npub as the author, because they won't have the corresponding private key. You don't need to remember your npub, though. You'll be able to readily copy it from any Nostr app you use whenever you need it.

You will also be prompted to add a nickname. This is just for use within Amber, since you can set up multiple profiles within the app. You can use anything you want here, as it is just so you can tell which profile is which when switching between them in Amber.

Once you've set your nickname, tap on "Continue."

The next screen will ask you what Amber's default signing policy should be.

The default is to approve basic actions, referring to things that are common for Nostr clients to request a signature for, like following another user, liking a post, making a new post, or replying. If you are more concerned about what Amber might be signing for on your behalf, you can tell it to require manual approval for each app.

Once you've made your decision, tap "Finish." You will also be able to change this selection in the app settings at any time.

With this setup out of the way, you are now presented with the main "Applications" page of the app.

At the top, you have a notification encouraging you to create a backup. Let's get that taken care of now by tapping on the notification and skipping down to the heading titled "Backing Up Your Identity" in this tutorial.

Existing Nostrich

Upon opening the application, you will be presented with the option to use your private key or create a new Nostr account. Choose the former.

The next screen will require you to paste your private key.

You will need to obtain this from whatever Nostr app you used to create your profile, or any other Nostr app that you pasted your nsec into in the past. Typically you can find it in the app settings and there will be a section mentioning your keys where you can copy your nsec. For instance, in Primal go to Settings > Keys > Copy private key, and on Amethyst open the side panel by tapping on your profile picture in the top-left, then Backup Keys > Copy my secret key.

After pasting your nsec into Amber, tap "Next."

Amber will give you a couple options for a default signing policy. The default is to approve basic actions, referring to things that are common for Nostr clients to request a signature for, like following another user, liking a post, making a new post, or replying. If you are more concerned about what Amber might be signing for on your behalf, you can tell it to require manual approval for each app.

Once you've made your decision, tap "Finish." You will also be able to change this selection in the app settings at any time.

With this setup out of the way, you are now presented with the main "Applications" page of the app. You have nothing here yet, since you haven't used Amber to log into any Nostr apps, but this will be where all of the apps you have connected with Amber will be listed, in the order of the most recently used at the top.

Before we go and use Amber to log into an app, though, let's make sure we've created a backup of our private key. You pasted your nsec into Amber, so you could just save that somewhere safe, but Amber gives you a few other options as well. To find them, you'll need to tap the cog icon at the bottom of the screen to access the settings, then select "Backup Keys."

Backing Up Your Identity

You'll notice that Amber has a few different options for backing up your private key that it can generate.

First, it can give you seed words, just like a Bitcoin seed. If you choose that option, you'll be presented with 12 words you can record somewhere safe. To recover your Nostr private key, you just have to type those words into a compatible application, such as Amber.

The next option is to just copy the secret/private key in its standard form as an "nsec." This is the least secure way to store it, but is also the most convenient, since it is simple to paste into another signer application. If you want to be able to log in on a desktop web app, the browser extension Nostr signers won't necessarily support entering your 12 word seed phrase, but they absolutely will support pasting in your nsec.

You can also display a QR code of your private key. This can be scanned by Amber signer on another device for easily transferring your private key to other devices you want to use it on. Say you have an Android tablet in addition to your phone, for instance. Just make sure you only use this function where you can be certain that no one will be able to get a photograph of that QR code. Once someone else has your nsec, there is no way to recover it. You have to start all over on Nostr. Not a big deal at this point in your journey if you just created a Nostr account, but if you have been using Nostr for a while and have built up a decent amount of reputation, it could be much more costly to start over again.

The next options are a bit more secure, because they require a password that will be used to encrypt your private key. This has some distinct advantages, and a couple disadvantages to be aware of. Using a password to encrypt your private key will give you what is called an ncryptsec, and if this is leaked somehow, whoever has it will not necessarily have access to post as you on Nostr, the way they would if your nsec had been leaked. At least, not so long as they don't also have your password. This means you can store your ncryptsec in multiple locations without much fear that it will be compromised, so long as the password you used to encrypt it was a strong and unique one, and it isn't stored in the same location. Some Nostr apps support an ncryptsec for login directly, meaning that you have the option to paste in your ncryptsec and then just log in with the password you used to encrypt it from there on out. However, now you will need to keep track of both your ncryptsec and your password, storing both of them safely and separately. Additionally, most Nostr clients and signer applications do not support using an ncryptsec, so you will need to convert it back to a standard nsec (or copy the nsec from Amber) to use those apps.

The QR option using an ncryptsec is actually quite useful, though, and I would go this route when trying to set up Amber on additional devices, since anyone possibly getting a picture of the QR code is still not going to be able to do anything with it, unless they also get the password you used to encrypt it.

All of the above options will require you to enter the PIN you set up for your device, or biometric authentication, just as an additional precaution before displaying your private key to you.

As for what "store it in a safe place" looks like, I highly recommend a self-hosted password manager, such as Vaultwarden+Bitwarden or KeePass. If you really want to get wild, you can store it on a hardware signing device, or on a steel seed plate.

Additional Settings

Amber has some additional settings you may want to take advantage of. First off, if you don't want just anyone who has access to your phone to be able to approve signing requests, you can go into the Security settings add a PIN or enable biometrics for signing requests. If you enable the PIN, it will be separate from the PIN you use to access your phone, so you can let someone else use your phone, like your child who is always begging to play a mobile game you have installed, without worrying that they might have access to your Nostr key to post on Amethyst.

Amber also has some relay settings. First are the "Active relays" which are used for signing requests sent to Amber remotely from Nostr web apps. This is what enables you to use Amber on your phone to log into Nostr applications on your desktop web browser, such as Jumble.social, Coracle.social, or Nostrudel.ninja, eliminating your need to use any other application to store your nsec whatsoever. You can leave this relay as the default, or you can add other relays you want to use for signing requests. Just be aware, not all relays will accept the notes that are used for Nostr signing requests, so make sure that the relay you want to use does so. In fact, Amber will make sure of this for you when you type in the relay address.

The next type of relays that you can configure in Amber are the "Default profile relays." These are used for reading your profile information. If you already had a Nostr identity that you imported to Amber, you probably noticed it loaded your profile picture and display name, setting the latter as your nickname in Amber. These relays are where Amber got that information from. The defaults are relay.nostr.band and purplepag.es. The reason for this is because they are aggregators that look for Nostr profiles that have been saved to other relays on the network and pull them in. Therefore, no matter what other relay you may save your profile to, Amber will likely be able to find it on one of those two relays as well. If you have a relay you know you will be saving your Nostr profiles to, you may want to add it to this list.

You can also set up Amber to be paired with Orbot for signing over Tor using relays that are only accessible via the Tor network. That is an advanced feature, though, and well beyond the scope of this tutorial.

Finally, you can update the default signing policy. Maybe after using Amber for a while, you've decided that the choice you made before was too strict or too lenient. You can change it to suit your needs.

Zapstore Login

Now that you are all set up with Amber, let's get you signed into your first Nostr app by going back to the Zapstore.

From the app's home screen, tap on the user icon in the upper left of the screen. This will open a side panel with not much on it except the option to "sign in." Go ahead and tap on it.

You will be presented with the option to either sign in with Amber, or to paste your npub. However, if you do the latter, you will only have read access, meaning you cannot zap any of the app releases. There are other features planned for the Zapstore that may also require you to be signed in with write access, so go ahead and choose to log in with Amber.

Your phone should automatically switch to Amber to approve the sign-in request.

You can choose to only approve basic actions for Zapstore, require it to manually approve every time, or you can tell it that you "fully trust this application." Only choose the latter option with apps you have used for a while and they have never asked you to sign for anything suspicious. For the time being, I suggest you use the "Approve basic actions" option and tap "Grant Permissions."

Your phone will switch back to the Zapstore and will show that you are now signed in. Congratulations! From here on out, logging into most Nostr applications will be as easy as tapping on "Log in with Amber" and approving the request.

If you set up a new profile, it will just show a truncated version of your npub rather than the nickname you set up earlier. That's fine. You'll have an opportunity to update your Nostr profile in the next tutorial in this series and ensure that it is spread far and wide in the network, so the Zapstore will easily find it.

That concludes the tutorial for Amber. While we have not covered using Amber to log into Nostr web apps, that is outside the scope of this series, and I will cover it in an upcoming tutorial regarding using Amber's remote signer options in detail.

Since you're already hanging out in the Zapstore, you may as well stick around, because we will be using it right out the gate in the next part of this series: Amethyst Installation and Setup. (Coming Soon)

Hi, @nprofile…u0w6 so this anon post does work like for each ...

2025-12-07T16:51:19Z

In reply to nevent1q…qh86
_________________________

Hi, hodlbod (nprofile…u0w6) so this anon post does work like for each post Coracle create keypair and discard the priv key immediately.
So in case I do like my anon a lot, there is no way to keep him alive?
It's one post one keypair.
The ... options do not allow for deletion request, assuming it's because of that.
(No need for actual deletion.)

Nostr event nevent1qqsqqqqrdx885y9750cl6jzlhy5j7c65kg24fjjr02tqtn2a3a4ttugzyrw4khdv6wt2m5utwd0s8l9h834gk7aannem6hmgarpayyu456twq2prszy

2025-12-06T00:34:04Z

#asknostr

PoW, user just spend short time on Nostr.
Well I know the settings can be adjusted (on some clients and usually on/off for WiFi/cellular).

But what is the solution?

Media proxy, enforcing the size of media/file per note/blossom event while client attempt to make a use of media/file?

Not only relay wasting bandwidth but also user suffer - it's really so far still data heavy and not usable on many places around the world.

So far seems to me that only can filter content eventually through some relays that will do the job (DVM for data saving?) for me if client will sense the device is on mobile data.

Or caching feed offline on WiFi and letting me mainly read it with info that it's not in-time atm of seeing notes.

Where I can read more about actual state of this within the Nostr space?