Building https://npub.cash π₯ Working on awesome nostr, cashu and Lightning stuff πβ‘οΈ
Egge @Egge - 6mo
Hi there! Looks like it might be hanging somewhere. Please try clearing your cache and logging in again
Egge @Egge - 7mo
Some nostr clients already do this. It might be a while until Telegram does it haha
This is beautiful π₯π https://video.nostr.build/9569b325978ac303d86ccd138c698bf7930f24fd1a2c63262bf4549f70efc0fd.mp4
This is not the point. Adding OTP enables apps that do not have access to your private key to still implement npub.cash's API. Imagine you want to use cashu.me with npub.cash, but you don't have a signing extension. Instead of pasting your private key in there you could simply: 1. Add you public key to cashu.me 2. Go to your daily driver nostr app 3. Retrieve the OTP and paste it into cashu.me 4. Cashu.me is now authenticated with npub.cash without ever signing anything, nor accessing the keys
No, the problem with NIP-07, NIP-46 and NIP-42 is that all of them require signatures. Requiring a signature comes with the burden of key-management. Either your app accesses keys directly (unsafe) or you use a signer / extension (friction). With this using npub.cash becomes as easy as operating a single nostr client. No additional software required. NIP-46 and NIP-07 logins are still possible. OTP is not mandatory, but complimentary
This is how OTP on npub.cash looks like: 1. Request an OTP via the API 2. Get the OTP from your nostr DM 3. Request an auth token by redeeming the OTP via the API 4. Interact with protected endpoints using the auth token https://m.primal.net/NUgu.mov
No, it's basically SMS 2FA, but on nostr. You enter your npub on the login screen and receive an OTP via NIP17 DM
OTP login coming to npub.cash π₯ https://m.primal.net/NUgP.png
GM nostr! What are you having for breakfast? π³ https://image.nostr.build/a981700a9c1c9aa13d60c384e3d27fdcc2f6d9d5851bb9040c0c73182bff2bf8.jpg
1) Yea, liquidity is an issue. This approach lets the user choose between liquidity and ease of user. Timeframes can be adjusted to balance things out. 2) As long as the timelock has not yet expired, the funds can only be swept by the payer. As soon as it does, both parties can claim them (no exclusivity). Funds become unrecoverable if both parties loose their keys
It might very well be the only thing that is ever observable, but it certainly is not the only thing there is. There is who were yesterday and there will be who you are tomorrow. And if you are no nihilist and believe that humanity is capable of achieving, then your future you will always be a better version of yourself.
The present is eternally lacking π₯
It is. Just like having FOSS wallet software nostr:note13wxhegzvhxer2sfsk6z9nt9dzx29wft05mtyv4k06e2w26d2tl8snj3zc7
My wife told me that I live in a bubble. When I asked why she thinks that, she pointed out that my bookshelf is Bitcoin, Jordan Peterson and software books to one third each π€·πΌββοΈ
NIP-07 does not allow signatures on arbitrary data. I tried to change that, but without success: https://github.com/nostr-protocol/nips/pull/1026
One of my primary goals for the next iteration of npub.cash is to make authorization simpler, while keeping a high level of security. The new version no longer relies on NIP-98 alone but on a mix of NIP-98 and JWTs. Most of the protected endpoints can be accessed by providing a valid auth token. This token can be obtained by providing a valid NIP-98 event ONCE. At the same time, all endpoints still accept valid NIP-98 headers instead of the JWT (this is great for apps that have full access to nsecs). By default withdrawing is not possible using a JWT. However, users can opt-in to withdrawals using JWTs by signaling this when acquiring their auth token using NIP-98. This keeps things secure, while at the same time reducing NIP-07 friction a lot. Reduced NIP-07 friction equals higher security as it makes sure users are not bullied into insecure default settings for their signers. Finally, this opens up the possibility of OTP logins via nostr DMs. Instead of obtaining a JWT using NIP-98, users can get one by providing an OTP that the service sends via a secure nostr DM. I am still figuring out the best defaults for this, but I think the best way would be to require a second OTP on withdrawals.
I am by no means an expert in traditional investments, but looking at the charts funds like MSCI World Core, Tech, S&P 500 and Nasdaq 100 all seem to be quite close. Even if it is βjustβ 10%, itβs still pretty significant over the span of 20 years. Obviously taking inflation into account levels the playing field.
Also human productivity has probably increased by much more over the last 50 years
Maybeβ¦ at the same time many index funds have shown this kind of performance over the last 10 years. Not to mention Bitcoinβ¦
People fail to understand how important patience is⦠100,000 x 1,2^20 = 3,833,760
