Last Notes
Every couple months I do a race where I have some agents go off and build a feature or fix a bug while I do it myself in Cursor. The time I spend reviewing and fixing the agent's work always end up being longer and more painful, which is I haven't switched over to an "agent command-center" style of software dev.
I do kick off worktree agents here and there throughout the day to make minor changes that come up while I'm working on a larger branch. But those are side quests while I work on the main thing.
Cursor's Composer 2 model is performing much worse for me than Composer 1 :( I feel like Composer 1 really hit a sweet spot for me between speed and quality.
For me the bottlenecks for coding with AI are:
- understanding all the code that the model wrote
- testing changes
Composer 1 really helped with the first because it could blast out small amounts of code that I could quickly review without my brain getting bored and context switching to something else. I feel like I'm an outlier in that I'm trying to stay heavily involved in the dev flow rather than having a multiple agents work on long tasks and then coming back in cold to review their work. Is anyone else using smaller quicker models in this way?
Just had an hour long video call in flotilla (the video part is still in dev, not released yet). The call quality was actually really impressive, better than Jitsi or Keet I would say. Props to Livekit for the killer open source WebRTC toolkit.
I'm going to be hanging out in in the "Voice Chat" room in Flotilla today in case anyone wants to jump in and try it out! Here's an invite to the space: https://app.flotilla.social/spaces/meta.spaces.coracle.social/trarghstroyno6
#nevent1q…e6x9
If you're curious what I've been working on for the past month, I published my quarterly report for Opensats on my blog: https://mattlorentz.com/2026/03/30/opensats-q1-grant-update.html
Hi my name is Bart, trying out NOSTR because I love a free web. #introductions
Thanks to the folks at a #DWeb meeting in #Berlin to introducing me to the protocol.
I'm up for this too!
#nevent1q…6z2p
Hello funny square phone.
https://image.nostr.build/e57b4cb7d160e5580cb31b3132227a2d096f89e208926dc6cf245c45e257e6e9.jpg
Just published divine-signer, a small library that gives your app one NostrSigner interface across five auth methods: nsec, NIP-07 extensions, NIP-46 bunker, nostrconnect, and OAuth. drop it in and let users pick how they sign.
https://github.com/divinevideo/divine-signer
Folks, we need you now. Claude is offering 6 months of Max x20 to open source projects that have 5,000+ stars on GitHub.
Go to GitHub and star your preferred Nostr projects. Let's see if at least one of us makes it.
https://github.com/vitorpamplona/amethyst
More info: https://claude.com/contact-sales/claude-for-oss
Just had the first flotilla design review meeting *in flotilla* using the voice rooms feature I am building. Fun times!
We have a Bitchat android branch that extends the mesh with WiFi aware – in addition to Bluetooth!
It's one of the most exciting feature we're working on but it still needs a lot of love.
Supposedly this will allow more stable, long ranging connections.
I'm looking for help. The basic implementation is there. The Wifi mesh works. The hard part is to make everything click with the rest of the code base. I've already started refactoring large parts of the Mesh logic so it can be plugged into different transports (BLE, WiFi, ...). This should be future-proof when we want to add more transports later (for example internet!).
Any OG Android devs or brave vibe covers out there who would like to jump in and help us polish this feature? We're a team of 1-4 volunteers working on an app with millions of downloads. If you want to help, send me a DM with your Signal handle! Intelligence employees not welcome.
https://github.com/permissionlesstech/bitchat-android/pull/545
https://blossom.primal.net/28649aaa640dc2c6522aa26bb720121a4d654c685eb54462e1067ec09d0cd324.png
Built a NIP-17 DM app to test the https://login.divine.video OAuth flow.
https://privdm.com
It's only 1-1 though, so now I'm wondering if a marmot-ts fork is doable.
Discord announced everybody will be required to provide faceid or a government id and if they don't their account will be restricted to teen mode. I'm sure Discord will be good stewards of this important private data, after all they've not had a major leak of ID's and personal information since October 2025.
When people ask my why I spent so much time in Uruguay and New Zealand, a map like this helps explain it. There are only 9 majority non-religious countries in the world. The only two outside of Asia/Europe are Uruguay and New Zealand. They also oddly have a lot of sheep. I don't that's connected.
https://blossom.primal.net/a3d9343ec173e73ad25b9e3f521a2392b279095a966d4b5bf1eb6b06b49860a1.jpg
We're getting ready to release the nostr video app, Divine, on to @nprofile…uvay but i want to have some folks test it first. Specifically the way we load up your kind 0 and 3 from other relays and try and preserve all of your lovely content, plus allow login via nostr connect / nsec bunkers are critical.
So if folks wouldn't mind taking a peak at the app and try it out. I THINK we're doing well by your various nostr events, but i'm not 100% sure, hence the test. So maybe try first with a secondary nsec. ;-D
https://github.com/divinevideo/divine-mobile/releases/tag/1.0.4
New UI updates for DiVine before we push to ZapStore for our initial Android beta release.
https://i.nostr.build/IoVLE0DduuU6kG5R.png https://i.nostr.build/pq4CQI8cpA71YuPN.png https://i.nostr.build/uezi8nISSDMLZ1ft.png https://i.nostr.build/FHjl93sjP6sFpNAq.png
Start line to finish line!
https://blossom.primal.net/9a59978d2d5c036bbeca18e450fc85c89e2bda9b1765bfaff24062ec431cccec.jpg
https://blossom.primal.net/07f57cb39efdca0f0f8ed78cbaa373d78fdf651a9f18aa359a9d7623c9514a11.jpg
Ok hodlbod has been COOKING on his frost signer thing with email login. I just got a demo from him and it has me more excited about Nostr than I have been in a long time.
- users can sign into Nostr apps via email (or someday any other identity system they like. Phone? Facebook? snail mail? Āhau?) but behind the scenes they still have a private key
- no server or company ever needs a full copy of their private key
- at any point they can extract their Nostr key from the system to use another one (like a bunker, hardware signer, or just a different group of signing servers, etc.)
The big problem with Nostr onboarding is that people need to put in a significant amount of work to understand and manage keys before they even get a chance to get any value out of the software. But pomade enables someone to join without thinking about keys, *and later* start caring and still be able to take full custody of their key. It is the second part that nobody has really done before, on Nostr or anywhere else that I know of. It's not bulletproof, but it combines all the best tech we have to balance ease-of-use, security, and user control.
This was more useful than I thought it was going to be:
"From all the text you know about me from our conversation history, can you analyze from my typing errors which are the keys or key combinations that I find most difficult and where I make the most errors?"
#AI
Happy horrible software vulnerability day everyone https://react2shell.com/
I'm currently working on a custodial multisig thing with email-based recovery and login for the normies. Would love any thoughts on the spec, especially with regard to possible security/privacy problems:
https://github.com/coracle-social/pomade
Hello Nostr community
We’re Superbloom, and we’re working with andotherstuff (Rabble and team) to develop the first Nostr community survey. The goal is to surface pain points and strengthen the ecosystem’s UX and tooling foundations and figure out what should be prioritized for better adoption and growth of Nostr.
The Nostr Community Survey is now live! If you’re a developer, builder, creator, or simply someone who cares about decentralised social networks, this is your chance to help shape the future of Nostr.
This survey aims to:
• Understand what support would make the ecosystem more accessible and inclusive.
• Learn how Nostr can better serve the developers and builders working on the protocol.
• To learn how the community understands Nostr and to identify opportunities for growth and engagement.
🗓: Open: 21 November 2025
🗓: Closes: 6 January 2026
👉: Take the survey: https://survey.superbloom.design/878514
Your voice matters! Have a say and shape what comes next in the Nostr community !
If you have any questions or feedback, contact; research@superbloom
Hello, my Nostr family! 👋
The 52nd dose of your Nostr Recap (1st December 2025) is live. In this recap you could explore what happened last week in the #Nostr world under the topics below. Enjoy it! 👀
https://image.nostr.build/ffe3f3dcc91f15631ffa2707d4fdf526ba47b168059a1d42730154188d177c50.png
🧠 Quote of the Week
🔥 Community Highlights
🌱 Ecosystem Growth
📅 Upcoming Events
📰 Nostr in the Media
⚡ Most Zapped Last Week
😂 Nostr Memes
🛠️ Tools, Updates and Releases
🎁 Developer Tools, Updates and Releases
🌐 Relay Updates and Releases
Explore here:
https://yakihonne.com/article/naddr1qvzqqqr4gupzqt0ql7s2cg6l7306fn9egnxn7vlhnl6ay870jhcplx23dwmtkukvqy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qghwaehxw309aex2mrp0yh8qunfd4skctnwv46z7qq42a88vv3hv5e4jvz9xqk477pcv99x2wzkg5d4xl2g
@npub1sg6…f63m, @npub1qe3…zefe, @npub1wmr…g240, @npub1spd…q6j7, @npub1upa…x054, @npub1chs…kdvm, @npub1der…xzpc, @npub1vmw…dwtf, @npub1rtl…jtfs, @npub1md3…ctp9, @npub14q8…ct2x, @npub1yx6…7kza, @npub1r0r…q9ac, @npub170k…0w7z, @npub176p…vgup, @npub1wf4…dgh9, @npub1xdt…ntxy, @npub1c0r…tlvg, @npub1get…0nfm, @npub14wx…gcye, @npub18am…p424, @npub1nl8…f9d0, @npub10qd…arpj, @npub12vk…pugg, @npub1yxd…3ylt, @npub1dtg…up6m, @npub1dg6…sguz, @npub1zuu…c2uc, @npub1l2v…ajft, @npub1x5t…55am, @npub1f4u…r407, @npub1lrn…qnw5, @npub1dsn…2h64, @npub1jjn…vknm, @npub1dge…5uq3, @npub1hpn…tplc, @npub1yzt…kr7r, @npub1ynn…u3gk, @npub1aul…cxl3, @npub1lrn…qnw5, @npub1j6j…g7fw, @npub1ujm…t8l4, @npub1eqc…dfpd, @npub180c…h6w6, @npub1jlr…ynqn, @npub1w4u…0jr5, @npub179e…0zj8, @npub1zl3…jajh, @npub1qn6…xsha, @npub16ye…g4wn, @npub1zuu…c2uc, @npub1s02…fxtw, @npub194q…tgkd, @npub1qqp…l2ng, @npub1zvy…vfj0, @npub1use…k5ks, @npub16jd…33sv.
#Nostr #NostrRecap #GrowNostr #Newsletter
nostr wins if it stops trying to be a twitter clone and starts being the invisible layer underneath apps you actually want to use. like bitchat for location-based messaging, diVine for entertainment, whitenoise for private messaging, zap.stream for streaming, shakespeare for vibe coding, etc.
it wins by unbundling into 50 different apps that all talk to each other, rather than one giant app/corp that traps you. it's all about the ecosystem.
No shade to the microblogging twitter like apps but we’re seeing a wave of new apps that take Nostr in to being the universal social app protocol. We’re learning what Nostr native means.
#note1utu…d65e
I just posted a project update video for Keydex that shows the current features and future plans. Plus an announcement that I'm renaming the project from Keydex to Horcrux! Check it out: https://tube.tchncs.de/w/oyxzSzhocB3k6BNbVTdU7d
Happy (half) Birthday, @npub1t5u…j4c2!
In the last 6 months, here’s some of what AOS has accomplished…
• Marmot protocol
• Shakespeare, a Nostr-based AI coding agent
• diVine showing mainstream breakthrough potential
• Bitchat (iOS + Android) supporting people in freedom movement
• Major upgrades to Cashu libraries
• Flotilla as the Foundry’s first external project partnership
• A real innovation lab with traction + PMF
• The first Nostr Builder Experience Survey
• The core team is connected, engaged, and actively collaborating together
TL;DR: The kids are alright.
Learn more and get involved at https://andotherstuff.org
Nostr’s core are the developers who build all the apps and servers and other tech we need to make it work. Eventually I hope the tech eventually fades in to the background as users come for the community they can find.
We can do better as a developer community. One of the projects I’m working on through And Other Stuff is making Nostr a better place for developers.
The first step is to listen and learn, to do that we’re working with the open source support group superbloom.
Please fill this out if you’re helping build nostr and share.
https://survey.superbloom.design/878514
If someone speaks fluent Japanese, Chinese, and Thai we would love to translate this in to those languages in order to reach more devs.
I've been quiet lately but I've just been very heads down trying to get Keydex ready for it's first alpha usability test, which I'm about to head to right now! I'll try to post a project update this week, as I passed the halfway point on my (relatively tight) 4 month timeline recently.
Hey Nostr,
I need your help. Divine.video as you might have seen is a new video nostr app that i've been working on for the last 3 months.
It got MUCH more attention than I was expecting. Hundreds of millions of people viewed, liked, or shared videos about it. I've got some of the biggest original Viners in my DM's begging to get back on it. The TestFlight hit it's 10k limit in a few hours.
I'm excited but also really stessed out. We've had lots of bugs and Apple and google have been their usual black boxes when it comes to app review.
A bunch of folks have stepped up to help, @nprofile…9kky got the android build working for example.
Lots of things have broken, nobody really knows how survive a flash flood. I'm sharing this because I need help. We've got a chance to really grow nostr, the idea of a video app that's not got AI slop and does focus on something more human is resonating. People hate what's happening to tiktok, instagram, and youtube shorts where algorithms and the platforms love of AI generated content going viral is taking over. Instead of fighting back we see AI only platforms like MetaAI and Sora. This is an assault on the very idea that people are central to social media. I think big companies see the shine of AI generated content and dream of a world without all these pesky rabble making demands of platforms. If only they could replace the creators with bots.
This call to action felt right to me, but holy shit I had no idea it'd go so viral.
The app has lots of bugs, and we need appstore approval, but at the moment the biggest problem I have is relays. I need you, the nostr community's help. I started out with strfry which we know scales but lacks search. So i started using nosflare, https://github.com/Spl0itable/nosflare , by @nprofile…4nss which worked pretty good when we had dozens of users but has had scaling issues and has been hard to debug. But Nosflare is cool. I was able to easily add nip-50 search support, and because it runs on cloudlfare i hoped would scale horizontally. When I told @nprofile…4nss I was using nosflare, he said i should have told him... but again I didn't think this would escalate so quickly. So then we tried using the ditto relay https://github.com/andotherstuff/otherstuff-relay by @nprofile…t7fy and put a bunch of really beefy servers behind it. Even then it's struggling to keep up.
The thing is, we're pre-launch, we have 10k users in testflight and a mostly read only site at divine.video which is a react app.
I'm a really terrible sysadmin. Yes I've helped run my own mail server since the 90's but I hate it and i'm not good at it. I know my way around my command line, I've compiled my own kernel from source, but fuck i hate it. And now i've got to setup and scale servers to realize the dream of something i've worked on for the last 8 years. I need your help, but maybe i'll digress...
In 2017 I decided to learn crypto, i joined a startup, quantstamp, and built their testnet, a SAT solver to verify smart contracts. I quit because I came to see how scamy the world of ICO's and tokens were. I'm not the only Nostr dev to have explored the 'darkside'. I started my company to build decentralized social, initially trying to take secure scuttlebutt to the mainstream. I built planetary.social, and worked with amazing dev's like @nprofile…w4p8 and others we saw Nostr arrive and we pivoted! We built Nos.social, which i'm really proud of but it never took off.
A few months ago I was in talks to help start andotherstuff, but i was also very frustrated with running a company, I wanted to build stuff myself. So I stopped managing people, started a podcast, and really dove in to building with agentic programming. I built a bunch of things I threw away. A lot of bad experiments. In the course of the revolution.social podcast i kept hearing about Vine. I listed to the "Vine 6 seconds that changed the world" podcast: https://vine-six-seconds-that.captivate.fm/ and I talked to people about this social media platform that was shutdown when @nprofile…zx6m was trying to save Twitter when he returned as CEO.
I thought, well Vine is cool, I know folks like @nprofile…srrg and others have build nostr video apps, how hard could it be to make a nostrvine app. I started coding, that's why the repo is still called nostrvine: https://github.com/rabble/nostrvine Turns out that it wasn't that had to make something that sort of worked.
Then I thought, it'd be cool to dig up some old vines. I searched the internet, found some on youtube, some on the way back machine, and I thought oh cool, i found a couple hundred popular old vines. Then I hit the motherlode, a community internet preservation project called archiveteam had run crawlers to archive the site: https://wiki.archiveteam.org/index.php/Vine they had about 2.7 TB of vine data, but in these very hard to work with WARC files that are 40GB each! I spent a month or more learning to parse and extract the files. I realized i had the meta data for most vine users, millions of comments, and hundreds of thousands of actual vine videos! It was a nightmare to parse because of the size of the files, the messiness of the data, and the like. But it was a consuming fun project, a puzzle.
At the same time, I was learning about flutter, I've had to rewrite the nostrvine codebase many times as i learned about riverpod, figured out how to get the UI to update smoothly while interacting with nostr. Getting the app to run fast and smooth was really hard. I also had to figure out how to host the damned videos in a way that works. I tried google cloud, cloudflare, and bunny. I made TONS of workers to run all of these services to make the system working. I also was seeing how much people, myself included are frustrated by AI slop, taking over social media. I have an old friend who runs a non-profit tech org, The Guardian Project, they'd make a tool for verifying videos are real for documenting human rights abuses. I thought, hell i could use this proofmode thing they've got to verify that videos are real. People like realness.
Over the last few weeks the pieces came together, I was scheduled to speak at WebSummit with @nprofile…5cp7 and also to interview @nprofile…9grd on the main stage talking about enshittification of the internet, and how we can resist it, by building things like Divine.
I talked to a reporter from Tech Crunch who'd written a positive article about AndOtherStuff, and she was excited to write an in-depth piece about my vine clone. Once the date was set, I had no choice to go forward. Was the app ready, NO NOT AT ALL. I was literally coding up releases on the plane while flying to Web Summit in Lisbon. I started submitting the app, and getting rejected. It got much better really fast, and basically works.
On the stage at WebSummit when I introduced diVine, the audience clapped politely. I showed the app to people and they sometimes said "oh this will be big" and wanted to play with it. But if you've ever made software, and you show it to people, everybody always finds something nice to say about it.
I had so little faith in diVine taking off that I was planning on taking a few days off to explore Morocco before heading to a non-profit software dev meetup in SF. It was only the last minute that I decided I might need be near a computer and internet connection post launch to see how things are going. Until diVine launched I thought the highlight of my trip and WebSummit would be that a podcast network wanted to pick up revolution.social and help me build an audience around the podcast.
I have never seen anything like this excitement. Just look at tiktok: https://www.tiktok.com/search?q=divine there is a wave of people excited about it. There's a wave of news about it: https://news.google.com/search?q=divine%20vine&hl=en-US&gl=US&ceid=US%3Aen Folks are saying that I'm taking on TikTok, and it's been on the evening TV news all over the place.
This is a dream. More excitement than I ever could have dreamed of. Creating a social media app that reflects all the values I laid out in rights.social . Building something people love and are excited about. When the app's been up, the new videos are amazing, so funny, so creative. When Jack launched Twttr, we didn't get this reaction. It took a lot of time for twitter to emerge as a star. The scaling issues didn't even show up until a year after twitter launched. When Kevin launched Instagram it got 150K signups in the first few days, and I was blown away at how fast it was growing.
If it hadn't been for my messing up getting in to the appStore, and having my relays collapse under the traffic, diVine would have grown much faster. Somehow it hits a nerve.
This is where I need your help, the Nostr community. I've already got help from a ton of folks like the folks from @nprofile…mrhy and @nprofile…pa8a and others i'm forgetting right now... But we need more help. Let's do this as a community.
We're building a permissionless, open future that can't be shutdown by corporate owners. But we only get there if the tech works. We don't get to integrate cashu and show users how there's another business model for social media if we don't make an experience that people enjoy using.
Here's where we are. We've got the new nip for replaceable video events, which is supported by divine and amethyst... https://github.com/nostr-protocol/nips/pull/2072/files we've got the proofmode verification spec i proposed: https://github.com/nostr-protocol/nips/pull/2109 and my weird fork of nosflare which adds the ability to do filter requests that sort on things other than timestamp, it lets us find the most popular old vines: https://github.com/rabble/nosflare
The blossom server for media running on cloudflare mostly works, bunny is mostly working to scale serving the content. But fuck our relays are having trouble. Partially it's because divine doesn't optimize how many relay connections it does, so help with that would be appreciated.. but mostly it's we need to scale the relays, we need to work fast, and reliably. I'm trying to not talk much about Nostr and not make users understand anything about how nostr or keys or relays work.
We need a network of relays, we can dedicate for this, scale horizontally, which respond quickly, and support search. We could have search relays + normal content ones, but doing that requires updates to the released app, which is hard to do because we've got a delay of a day or more per release. So it's best if we can put this all behind relay.divine.video.
In terms of content moderation, my tactic is to provide a pretty heavily moderated experience on the primary relay and media server. But users own their keys, and the app lets users change or add relays and switch media servers. That way we can provide both freedom and the curated experience of users we're enticing away from centralized corporate social. And all of this is open source.
So help! I need nostr sysadmins and scaling folks. Please help. We don't have much time to catch this wave, and I'm in over my head. If you can help, reach out, rabble@rabblelabs.com or send me a DM, i'll add you to a slack room, and we'll figure it out.
Join me and we'll make a social media revolution to make revolution possible.
Can an android user please take a look at https://divine.b-cdn.net/app-release.apk and see if it works?
Well that was fast, we had 10k people join the divine.video testflight in 4 hours.
https://hol.is is a pretty cool option for community relay hosting
In the latest episode of revolution.social I talk to Journalist and author Jeff Jarvis where he says Bluesky isn’t yet as open as it should be to ensure true user freedom.
Full episode out now.
youtu.be/WJ8wNo5eN2I
My first borsch
https://blossom.primal.net/d62e8e0b6200fd3d08dfc69376687fc3300269a03707965e65dc6d2f224f2663.jpg
Gave https://undocumented.nostrkinds.info a visual upgrade ❤️ and made kind detection smarter, accepted kinds are now properly filtered out.
We are live! The Mexico City chapter of NOSTR now has a digital home! NOSTr.mx is now our official page! #CDMX Hacker Garage and more news coming soon!
@npub18am…p424 @npub1wmr…g240 @npub1pmw…4nu6 @npub19hs…5jcn @npub14wx…gcye
On Revolution.Social this week i talked to Blacksky founder Rudy Fraser. He talks about building on the ATprotocol but without being controlled by the Bluesky company. They run their own moderation, algorithms, identity servers, hosts (PDS), and are building an entire alt tech stack called rsky.
But what's most interesting to the Nostr and Bitcoin community is in this conversation we talk a lot about how to fix the money. We talk about needing to build an alternative financial system which is not owned or controlled by the state or corporations. We talk about the role of mutual aid in social change and building a future society we want to live in. And we talk about Cashu and how we're exploring bringing it in to the ATmosphere (how the they talk about the ATprotocol ecosystem beyond just bluesky).
It was a fascinating conversation, and i really hope that Nostr Bitcoiners take a listen as this is a conversation about permissionless protocols and freedom money which is very different from what we normally hear in bitcoin circles.
https://www.youtube.com/watch?v=UA1DutGDVcs&list=PLklPNPs42pgA3IImetDMeQ3kflBrOqwr7
Day 2 using Github's spec-kit for development did not go as well. The AI and I got lost trying to write reams of overly generic TDD test stubs. It felt like the AI couldn't really get a clear picture from just the spec requirements what it should be testing before the actual implementation code was written.
So today I changed course and changed my constitution (the like underlying spec doc for the repo) to use an outside-in development approach instead of TDD and we made a lot of progress. I also got a new playwright MCP set up for browser automation and it's working a lot better than the last one I had. After some considerable setup the LLM was generally able to run the app in the web browser and click around to test its own changes.
Welcome to #Nostr @npub1nl7…e74w! Brendon is looking for folks into #CircularEconomy + #RegenAg #grownostr
Next Tuesday 23-09, open online call about Operation Kidstr
Room (@HiveTalk) will open at 18:30 UTC, short presentation will start at 19:00 UTC.
#nevent1q…e236
Earlier this year I discovered these inflatable off brand mascot costumes and started taking them to raves and festivals. First a cat, then a bear, and now I’ve got a unicorn. The way people react is magical, hugs, delight, and general whimsy. Given how really affordable the costumes are and how much people like them I’m surprised other people aren’t doing this.
https://v.nostr.build/mQV2QoH6Fv9zfwRM.mp4
We need more clients that support the NSFW tag, NIP-36. Meaning allow users to flag their content in this manner AND blur or hide content with this tag.
#nevent1q…swan
Sharing some wireframes I made for Keydex here, mostly because @npub1000…vwqk asked to see them but I figured why not share them publicly.
They have a watermark because I am using the trial version of the design software 😬
https://blossom.lorentz.is/938d7eabe684ee5a529f7a7d78feee31f0259d6ed674601baa4ba04cb3fa50e5.pdf
Thanks for the feedback on these @npub1jlr…ynqn, @npub1000…vwqk, and @npub1jr8…wwnw!
Does anybody need contract Swift or Flutter work? Doesn’t have to be nostr related.
I’ve been noodling on my OpenSats projects and one thing I wanted to hear people’s thoughts on is the idea of lightly encrypted groups vs. relay-based groups. And by lightly encrypted I mean that all group data is encrypted with a shared key that gets rotated, but without end-to-end encryption, forward secrecy, post-compromise security, and all the fancy stuff you get with MLS. Basically the unmerged NIP-87 (https://github.com/nostr-protocol/nips/pull/875/files?short_path=ed261ea#diff-ed261eac15a3dc7dbd825342a3e89dc960824a52afd2dd032f30876fbfb25698)
I know this idea has been discussed a lot, and I have been pretty convinced that NIP-29 made the most sense for the most groups. I also know MLS groups are in the works, but they have a lot of downsides. So a few things over the past month are making me reconsider.
The main one was talking to @npub1vjh…ejkd from @npub1j4g…fuu4 who makes a good argument that groups should be a first class citizen on Nostr. This would enable groups of groups and potentially other innovations like putting the group master key in a FROSTR cluster. It also helps enable forkable groups and groups migrating between relays / sets of governing rules. (Great article from SocialRoots about their full vision https://www.socialroots.io/intimacy-gradients-the-key-to-fixing-our-broken-social-media-landscape/)
Another factor is that people keep asking me if groups are going to be encrypted in my new client and I don’t like saying no to that 😅. Even though I think the confidentiality guarantees of NIP-29 are good enough for most groups - that’s not what people want to hear. I used to think that getting a bunch of Nostr clients to all implement key rotation the same way was too much to ask, and I still think MLS is overkill for medium to large groups. But if you allow some privileged software to run with some kind of group admin key to do the rotation (an allowance that NIP-29 already makes) then it hugely simplifies the complexity for client developers and now you can say the magic word ✨encryption✨.
I also feel like I missed out a bit on the debate between these when it happened. What do you think?
https://image.nostr.build/4897c787877a24f58d1596c12ec698aaccaf6158121b6ee274e949be8671408d.jpg
I've finished my first round of interviews for Keydex and they were so enlightening. I'm so addicted to user interviews now, I don't understand how I made so much software without them.
The top insight from this round was clarifying the different use cases for Shamir's Secret Sharing. Here's what I came up with:
- inheritance planning
- corporate secret management for ultra-sensitive values i.e. root passwords
- border crossings
- web3/crypto/Nostr key backup
The most interest by far was in the inheritance planning use case. People have some digital stuff they want to pass on, but don't want it sitting in plaintext in the hands of (generally very normie) friends and family. Keydex will work for all cases listed above but I'm going to keep the inheritance use-case top of mind while developing. Which already invalidates some of the design work I did last week. I was going to make a fun retro/gamey UI, but now I'm going to shift towards something more calm and reliable.
I’m not a developer, and I’ve always been terrible at sysadmin-type tasks. That’s why I always resisted switching to a Linux laptop as my daily driver.
A year ago, I finally decided to make an Ubuntu machine my main workhorse. I was proud of myself but also incredibly uncomfortable—always nervous about messing things up, unable to handle simple tasks like properly setting up my disks, and constantly confused by the different ways to install apps (snap, flatpak, …). Well, that’s all over now, thanks to the Warp AI-powered terminal!
It’s like having one of my smartest dev friends sitting next to me, but without the embarrassment of constantly having to ask for help.
Today, Warp helped me set up a RAID 1 disk to mirror my main storage. Then, I asked it to run a check for keyloggers, and I ended up with a cron job that runs weekly to scan for all kinds of threats (rootkits, viruses, open ports, etc.). As a bonus, it even sends me a nice report with the test results via email.
I can't recommend it enough!
The free plan will easily cover everything you need to become a Linux power user. (Thanks @nprofile…205k for the tip!)
https://blossom.primal.net/2040b68198e7a3cb38be3da1e21abd2d7f56eed979316d34a59b83030147b231.png
https://www.warp.dev/