Software Engineer • Bitcoin & Nostr • Economics • Security "Do not give in to evil, but proceed ever more boldly against it." —Motto of Ludwig von Mises Lightning self-custody with https://github.com/braydonf/satdress
Braydon Fuller @Braydon Fuller - 1d
Distraction free and natural computing with nostr:nprofile1qqswhhhf99z77pfg80s2c00z27rusxn2tzss7450n34krkwa2yadhtgpp4mhxue69uhkummn9ekx7mqpz3mhxue69uhkummnw3ezuerkv36zuer9wcq3vamnwvaz7tmpw5h8yetvv9ukzcnvv5hx7un8lpntld and nostr:nprofile1qqsyx708d0a8d2qt3ku75avjz8vshvlx0v3q97ygpnz0tllzqegxrtgpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7l329qg Video: https://youtube.com/watch?v=vR15lTHnQIY Audio: https://thebitcoinstandardpodcast.buzzsprout.com/1849151/episodes/16176085-249-daylight-computer-with-anjan-katta
Braydon Fuller @Braydon Fuller - 9d
Saifedean has the most clear explanation of that using an analogy of crops and available seeds (can't just make believe inventory). Does seem like it gets a lot of attention when there are a lot more interesting areas to study.
This is a classic book at the foundation of the Austrian school of economics and still relevant after 151 years! Highly recommended! "Money is not an invention of the state. It is not the product of legislative act. Even the sanction of political authority is not necessary for its existence. Certain commodities came to be money quite naturally, as the result of economic relationships that were independent of the power of the state." — Principles of Economics by Carl Menger (pp 261-2) https://image.nostr.build/19a38defd03284c87010577eaeeadee516b79ff76f11febd0e7da9b04bf97109.jpg Available in a translated reprint at: https://store.mises.org/Principles-of-Economics-P239.aspx
I'm not sure why it was a single event at the start, it seems simple but turns out to be more complex. An event for each follow makes a lot more sense and avoids conflicts between clients that can overwrite a follow list. Gossip is the only client that I know that has dealt with it well, by giving options to merge. However, all of that is not needed if each follow is a single event. Furthermore, if each follow is an event, it can be private or public. It can also be an identity confirmation and include more information to record the name and other kind 0 meta that will help security.
Braydon Fuller @Braydon Fuller - 10d
Copying 12 or 24 words is more simple and efficient than 64 individual characters of hex (or even with bech32 encoding). That's what I mean by less technical, as copying is human focused. Some software or hardware would still be used when the key is hot, however it's isolated to just that software or device. Adding additional needs increases that surface area of potential problems and vulnerabilities.
Even in the case that it isn't completely air-gapped, it also has the advantage of being a familiar, less technical and explicit secure backup with very few dependencies reducing surface area of vulnerabilities. Copying data to an external computer or drive isn't needed, a software key manager isn't needed, computer storage isn't needed, a printer isn't needed, a protocol for securely transmitting the key within a network isn't needed, etc.
I don't think its utility is in memorizing, very few people will do that and it's likely very unsafe to do that, even if technically possible. The utility I believe is the ease for secure air-gapped transmission of the secret for backing up or restoring in another application. It's a lot more straightforward to back up the secret by writing down a series of words than it is writing down a series of letters and prone to mistakes. It's a less technical option that many people will understand. As far as it being unencrypted, an additional password can be added to the words as the last piece of entropy for additional security. In my opinion, use should be encouraged with Nostr apps.
5) all of the above and when they see value in it.
Cool. I've worked with DHTs before and some of the security issues like eclipse and sybil attacks might be mitigated with a topology that is based on a web-of-trust, rather than by pubkey hash. It may end up being worthwhile to research, for that reason. I would need to take another look at DHT implementations to see how they have mitigated those issues. From my understanding, because of those vulnerabilities, there is somewhat limited utility in a DHT.
What's the problem with seed words?
Braydon Fuller @Braydon Fuller - 13d
nostr:nprofile1qqswuyd9ml6qcxd92h6pleptfrcqucvvjy39vg4wx7mv9wm8kakyujgpypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7a0nq40 are you familiar with DHTs and do you have any thoughts here? Otherwise it seems like it may become necessary to keep a list of all possible known relays and ask every one if they have a kind 10002 and kind 0 for a pubkey.
One nprofile that includes their relays should be enough to start.
Thinking more about a DHT for querying NIP-65 relay list metadata and had an idea. It could be possible to instead have a DHT-like protocol for relays for querying relay list metadata, where if the relay itself doesn't have it, it could ask their neighbors if they have it, and so on with a max hop count. However, rather than it being distributed by hash, it would be distributed by social connection and a web-of-trust.
Waiting for more negentropy and NIP-65 "outbox" support, however my plan is to do this with strfry. https://github.com/braydonf/strfry-tools nostr:nevent1qqsxyyajvamtqh8fn4v6q6rptrs0g6gx8s4zqsp4ww8d4g53asvn2pgpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyzm7669svt0xkjsju50a22zurc0qa589z2xd4yatzx6p2z64a5e0cqcyqqqqqqglv9trm
You may be able to add an upstream from strfry.
Braydon Fuller @Braydon Fuller - 14d
Something that I've found to be important to pay attention to on a carnivore, zero-carb, low-carb or keto diet, is what percentage of calories come from fat compared to from protein. There isn't an objective answer as it depends on the person, however there are good starting points. One of which is a 1:1 ratio per gram of fat to protein, that equals about 70% calories from fat. Some will be better with lower or higher ratios. I've found it necessary to often add fat to meals to increase this ratio, many cuts can be quite lean, even some ribeye steaks. More information in this video: https://youtube.com/watch?v=AKGhsjF-uFU&t=3195s
Braydon Fuller @Braydon Fuller - 15d
Not working on it currently, however I think if Nostr had improved security for profiles so that there is a way to confirm and verify identities, it would greatly help. A profile could have an equivalent of a nameserver record. Name definitions would be dependent upon a social graph. It would technically be possible for the same name to mean different things to different groups of people. Those types of disagreements could be displayed in the user interface and would leave it up to the user to decide. These types of events would not likely be common. Improving security of profiles I think involves two parallel goals:
1. Ability to confirm an identity through a social graph (e.g. people you know can help to verify that a profile is the authentic one). This will be useful for completely new users, as well as a user that has had a compromised key.
2. Ability to revoke a key. This will inform followers that a key cannot be trusted anymore. This will not include any suggestion of the next key, as it has been compromised it would be useless anyways.
Yeah, the inertia and familiarity of apt is one of the reasons why it's great. However if there was a reason to change, it would be because of app isolation and getting the latest releases. Debian with flatpak sounds like a good option, need to check out Qubes soon too. The AUR system for Arch that can build from source is another that has been convincing. It was necessary to install drivers to print from a Pinebook Pro, as not many distribute ARM binaries for desktop yet. I don't think the Tor Browser had an ARM desktop build yet either, that one takes a bit to build though.
Wasn't a fan of snap, seemed like yet another package manager, but that makes a lot more sense now. It'd be great if the main package manager had it too, because that could have a lot of value for a distro.