Do you verify every IP packet that is forwarded through your firewall? Or do you trust your firewall maintains a robust state table? You do use recursive DNS with strict signature verification? Do you read the headers (and DKIM signatures) in your email client before reading them, or do you trust your mail server did DMARC, DKIM, SPF, rDNS, and IP verification?
Unless you're using IPTables as your firewall with debug logging on, your own recursive DNS resolver with a verifying server in front of it, or for email using K9-Mail on mobile or RoundCube on desktop to your self-hosted mail server, chances are you didn't do any of those.
Do I wish people did more verification? You bet I do. But we'd all defer that if we could; it's obnoxious for even the advanced Linux user to do, and many if not most system-level applications don't even ship outside the distro's repo, so you couldn't verify if you wanted to. Not to mention still, few projects even sign their commits, let alone sign their builds.
I say this as someone who's built my own CLI installer tool to manage my own dependencies because this is such a big deal. But I'm regularly interacting with normies on this (colleagues and customers) and know that they'd rather trust me to do it for them.