Last Notes
The main treasury of @nprofile…9rg4 was drained yesterday. We lost €110k (https://txinfo.xyz/gnosis/tx/0x89387e323934fc5b498c5e12714dc4a372be60781ef06f2800ffb138709bfbe4)
Already reached out to Monerium, gnosis team, etc. but there is nothing we can do to recover the funds 😢
What happened:
One of our signatories had, for historical reasons, two keys to make any payment from the multisig of our Monerium account. He was the victim of a supply chain attack (PolinRider) earlier this month. We first thought that only environment variables were at risk, not his private keys. But apparently the attacker installed a keylogger and retrieved the encryption key of his MetaMask.
Mistake 1: those two keys belong to the same person and should have been on two different devices. They somehow ended up in the same MetaMask on his main computer (we were unaware).
Mistake 2: that person actually left the organization months ago and we should have removed his keys from the SAFE. That’s my negligence. It’s not enough to set up a multisig, it needs constant tending.
Very expensive lesson. How was your Monday?
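An added example, not part of the original note: a periodic audit of a multisig's owner list against a signer roster, flagging the two mistakes described above (departed signers still on the multisig, and one person or device holding enough keys to meet the threshold). The addresses, names, devices and the threshold of 2 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: addresses, names and devices are placeholders.
OWNERS = ["0xA1", "0xA2", "0xB1", "0xC1"]   # owner keys on the multisig
THRESHOLD = 2                                # assumed signatures per payment
ROSTER = {
    "0xA1": {"person": "alice", "device": "laptop-1", "active": False},
    "0xA2": {"person": "alice", "device": "laptop-1", "active": False},
    "0xB1": {"person": "bob", "device": "hw-wallet-1", "active": True},
    "0xC1": {"person": "carol", "device": "hw-wallet-2", "active": True},
}

def audit_multisig(owners, threshold, roster):
    """Return (finding, subject) tuples for a k-of-n multisig and its roster."""
    findings = []
    by_person, by_device = defaultdict(list), defaultdict(list)
    for key in owners:
        entry = roster.get(key)
        if entry is None:                      # key nobody can account for
            findings.append(("unknown_owner", key))
            continue
        if not entry["active"]:                # signer has left the organization
            findings.append(("departed_signer", key))
        by_person[entry["person"]].append(key)
        by_device[entry["device"]].append(key)
    for kind, groups in (("person", by_person), ("device", by_device)):
        for name, keys in sorted(groups.items()):
            if len(keys) >= threshold:         # k-of-n collapses to 1-of-1 here
                findings.append((f"single_{kind}_meets_threshold", name))
    return findings

def min_compromises(owners, threshold, roster, unit="device"):
    """Fewest distinct units (devices or people) that together hold `threshold` keys."""
    counts = defaultdict(int)
    for key in owners:
        entry = roster.get(key)
        counts[entry[unit] if entry else key] += 1
    collected = 0
    for n, size in enumerate(sorted(counts.values(), reverse=True), start=1):
        collected += size
        if collected >= threshold:
            return n
    return None  # threshold exceeds the number of owner keys

if __name__ == "__main__":
    for finding in audit_multisig(OWNERS, THRESHOLD, ROSTER):
        print(finding)
    print("devices to compromise:", min_compromises(OWNERS, THRESHOLD, ROSTER))
```

A result of 1 from `min_compromises` means the multisig offers no more protection than a single key on that device.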
Gm Brussels
https://blossom.primal.net/92976c444b0c589f6bf544b056f66d83d3b4c85830b2a23ff8c97265c19c87cd.jpg
How to Train Your Agent.
Soon in a theater near you.
https://blossom.primal.net/ea238d7e27dcc162ba86dafb6cb6335cbd0901d846389a4bda628fdaee977162.jpg
Hermes relay allowlist verification; please ignore.
Gold is rarely used as money.
Bitcoin is the ultimate settlement layer. It doesn’t have to be the currency that people use everyday to transact.
There’s got to be a better way to rotate API keys and other env variables 🔑
What do you guys use?
Looks like I’m infected. Damn. Be safe out there.
Also, there’s got to be a better way to easily rotate your env variables.
Latest npm virus (aka supply chain attack):
https://github.com/OpenSourceMalware/PolinRider
Everything that can be hacked will be hacked. Crazy times.
Hello Amsterdam
https://blossom.primal.net/564022c4ee1402b92f11595e5cac19f8d59280df4268264502fc7f689196041f.jpg
CLI First is the new Mobile First.
It forces you to get to the essence of your application. No distraction. Focused work. Efficient. Minimal battery impact. Just get the job done and get out of the way.
Taste the difference.
Make a difference.
Vote with your money.
https://blossom.primal.net/76785b8706a078619a8bd162dbbda32874cf3030ad5c128c88e39c1f30f9bd59.jpg
Yes 💯. Big believer in pick your (benevolent) dictator. We are social animals. We live in societies. That means we have to give away some of our freedom to meet our fellow humans in the middle (it’s also simply too much work, too much mental load to have to be in control of everything).
But we should always be able to retreat to our own space where we should have full privacy and anonymity, and we should always be able to vote with our feet and pick another tennis court that follows different governing rules.
Always. That’s why it has to be done at the smallest possible level. Today it’s at the global level (with current tech platforms). I’d argue we ought to decentralize that to the community level.
I’m all for sovereign individuals, but the reality is that the vast majority will be under sovereign communities.
I’d love to see a digital belfry, a place where any community could safely store all its data and that would provide all the services for collective sovereignty:
- a nostr relay for messaging
- a blossom server for files/media
- a collective bunker to store everyone’s private keys
- an email server
- a shared drive
- a shared calendar
- a common ledger
- …
What else?
A belfry is a symbol of the sovereign collective:
“Where a cathedral spire represented the Church and a castle keep represented the lord, the belfry represented the commune — the self-governing town. Building one was an act of civic emancipation, an architectural declaration of independence from feudal and ecclesiastical authority. The bells rang on the town’s own schedule, the archives proved the town’s own rights, and the silhouette on the skyline said: we govern ourselves here.”
https://blossom.primal.net/1c2f2e3169aa41a543a1cbae435884348115aea8e97eae98232cd20a010e00c2.jpg
The orchestrator is the new webmaster
The main point was the cli, not the storage. So I just treat all types the same way. It gives you a local backup of all your notes in jsonl format and a way to sync with different relays.
👌
(I took a similar approach for https://nostrcli.sh)
What do Nostr people think of Mastodon?
@nprofile…va65 you all good? We haven’t heard from you in a while. Hope you are well!
A mix of Apache 2.0 and EUPL-1.2
You can see it here: https://github.com/eu-digital-identity-wallet
I love that they open source it. Now I’m curious to have some experts taking a look at it.
https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/blob/main/docs/annexes/annex-B/annex-B-zkp.md
macOS is the best OS for humans. Linux is the best OS for agents.
Instead of an easy to use but limiting GUI, text files everywhere to configure everything. A nightmare for humans, heaven for LLMs.
I've been using Claude to configure my machine and it's been (mostly) great. Not perfect, but very promising. I wish someone would train a small open source model dedicated to help you configure your Linux environment. This would be perfect.
The new interface is a chat bot. One single input.
The system should be able to understand what the user wants and offer different views based on the context.
Gm Brussels (Hollekken-Linkebeek, just outside of Brussels, direct train)
https://blossom.primal.net/dbe3577c62db33a5dfa5dd5e36840b949ee1454188babe5249406e51a2c53735.jpg
https://blossom.primal.net/b0a37d6edc2a7db74bdb0121211aec9f58abe726713c76516544772dc4ab7eaa.jpg
https://blossom.primal.net/26a833a350e5183813a23ca3c9e9872d1e6cac8479738d768bdafc33c83b390f.jpg
Gm Brussels
https://blossom.primal.net/bb7f43f5e70d114a822f0380198d3db43bebdbb59843cdec19a083e764d54a13.jpg
Every day a daily brief based on Brussels’ various newspapers.
You can also get it in your mailbox.
#naddr1qq…qky7
Anthropic is the Apple of LLMs. They want to have a tight control on their ecosystem to ensure prime user experience for normies. The “it just works” experience. Claude Cowork is a great example of that.
Claude is the M5 in an iPad.
The Deno node runtime is actually a very good solution for the supply chain attacks we've seen recently in the npm world as it allows you to define a whitelist of domains that your code is allowed to call. But somehow it doesn't seem to be getting much traction. Looks like Bun is the new node runtime that people use. Why?
It's annoying that Apple Hardware is so much better than anything else. It's not even close. I don't want it. I want a proper Linux machine. This would be a good EU regulation: force all manufacturers to play friendly with the open source community.
Since I moved to Linux I was missing a proper nostr cli. So I made one: https://nostrcli.sh
My favorite features:
$> nostr dm <nip05domain>
List all users on that domain, start typing the username you want, enter, and start chatting. Backspace, back in the list, type another user (bot) name, enter, resume that other conversation. With support for typing indicator to make sure your bot is doing something. 🤖
Also:
$> cat ~/.ssh/*.pub | nostr dm xbot
Give it a try and tell me what you think.
For now I assumed that the same level of security as your ~/.ssh/key was good enough, but I agree, encrypted at rest is much better. An issue is good but a PR is better :-)
Just make sure that people who don’t have the same security requirements can also still use it without the friction of having to have a hardware wallet.
After 20 years, I'm back on Linux. Here is why.
TLDR: macOS is the best user interface for humans, but for agents, Linux is the one you need.
#naddr1qq…lxze
Great feature. We need this too in nostr clients (and relays).
https://blossom.primal.net/ea73e89051f0cbd6e90f065b87b2c96da336d5362d565b9632a4a92e610e2720.jpg
Deer in the Brussels woods. #regenwalk
https://blossom.primal.net/f337736efa309313466b3b457f1ef8f8c72afd395248b0e522cd23d2f70790a0.mov
There is no expectation that a relay should keep everything.
FIFO seems very reasonable.
Now ideally relays could have two lanes:
- verified users by WoT (or other signal)
- others, for which you limit storage for x days
Given the amount of bots, this could probably give a lot of bang for the buck.
I’d be interested if someone would build a plugin for strfry that would implement that.
Gm Brussels
https://blossom.primal.net/ad9d6a368d66c8ff443800526656b16729f90d26749e82b1da080253da4586d3.jpg
https://blossom.primal.net/04bed9d9e88298abb9c2a532510e2a10fe927d8426efa73210c1237e990feddb.jpg
https://blossom.primal.net/a33f4e669e40bb32101a534f1b8ce6cfceefc80f731e56dec6b1a36e4b82eaa5.jpg