Tim Bouma
trbouma@getsafebox.app
npub1q6mc...x7d5
| Independent Self | Pug Lover | Published Author | #SovEng Alum | #Cashu OG | #OpenSats Grantee x 2 | #Nosfabrica Prize Winner
Tim Bouma 4 months ago
Proof of Pea Soup (still in the making)
Tim Bouma 4 months ago
Sharing on how I have implemented Web of Trust (WoT) and Root of Trust (RoT) in #nostr #safebox.

There are four steps to the verification:

1. Validation: Is the record cryptographically valid?
2. Presenter: Is the record coming from whom to whom it was issued?
3. Attested By Owner: Did the owner attest that the issuing safebox was theirs?
4. In Trust List: Is the Owner in Trust List?

Steps 3 and 4 are independent attestations. For Step 3 the verifier looks up an event signed by the owner that they are indeed the owner of the issuing safebox. Step 4, the verification process has a list of 'root authorities' that are simply npubs, looks up the followers of those npubs and uses that as the 'Trust List'. In this example, there is an account called 'Safebox Trusted Entities', but it could be any account maintained by an organization, such as a College of Physicians, that might want to manage a list of doctors.

Up until now, these schemes need to be managed by 'specialized authorities' such as certificate authorities, or organizations with proprietary databases. Now with #nostr, we can make these schemes completely open, transparent - not capturable by a technical authority. In short, everyone can become their own root of authority, manage their own trust lists, and also decide which roots to trust when verifying.

This is just a prototype, but it already demonstrates technical capabilities that are stronger and more resilient - and more open than any certificate authority program or public key directory that is out there, including what is being used by passports, driving licenses, or national authority.

Onward!
Tim Bouma 4 months ago
WORD5 #475 3/6 ⬛🟧⬛🟧⬛ 🟧🟪🟪⬛⬛ 🟪🟪🟪🟪🟪
Tim Bouma 4 months ago
The key innovation of #nostr (aside from its simplicity) is the use of the digest (hash) as the identifier of the event/record. That means the info is cryptographically bound to its record identity and, thus, the record can be stored anywhere and referenced from anywhere (relays). Amirite? #asknostr
Tim Bouma 4 months ago
A nostr event is an IP data packet for freedom of expression.
Tim Bouma 4 months ago
Javier Milei’s speech was like a university lecture. What was the point of that?
Tim Bouma 4 months ago
IP packets and Nostr events share the same core idea. The Internet works because every IP packet is complete, independent, and meaningless to the network. Routers don’t know if they’re carrying email, video, or money, they only know how to move packets. Meaning lives above the protocol. Nostr makes the same move for expression and records. Every event is independently signed, has its own event ID, and declares its own semantic intent through kind. Relays don’t know (or care) whether an event is a post, a payment, a credential, or a log entry, they only verify the signature and propagate the event. In both systems, validity is local and mechanical; meaning is voluntary and social. IP separated movement from meaning. Nostr separates authority from platforms. That separation is not a flaw. It’s the source of their power.
Tim Bouma 4 months ago
If you don’t spend the up-front effort of understanding a problem, you end up building something that is too complicated and which doesn’t do enough.
Tim Bouma 5 months ago
It took me a couple of years to figure this out. The core reason why #nostr is going to win as a protocol:

By creating a unique event id that is the digest of its:

- author (pubkey),
- meaning (kind),
- timestamp (created_at),
- metadata (tags),
- message (content),

and: signing of this resulting event id (sig)

That means you can sign whatever the hell you want with whatever meaning you intend, and it can be uniquely stored or relayed anywhere.

#nostr becomes the sword of simplicity that cuts through the Gordian Knot of interoperability bullshit and semantic capture. This simple format allows anyone to define whatever they want, with only a simple rule for cryptographic validation that it was actually they who created the event. With a few additional conventions it becomes a baseline protocol for social media, but can be expanded to an infinity of possibilities.

Thanks for this genius, @fiatjaf
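Added example (not the author's or the Nostr project's code): how the event id described in this post, and in the "digest as identifier" post further up, is derived under NIP-01, and how a receiver checks that a claimed id is bound to the fields it arrives with. The sample event and its placeholder pubkey are constructed; verifying `sig` over the id is a separate step that is not shown.

```python
import hashlib
import json

FIELDS = ("pubkey", "created_at", "kind", "tags", "content")

def serialize_event(ev: dict) -> bytes:
    """NIP-01 canonical form: the array [0, pubkey, created_at, kind, tags, content]."""
    payload = [0] + [ev[f] for f in FIELDS]
    # Compact separators, UTF-8 output, non-ASCII characters left unescaped.
    # Python escapes rare control characters as \u00XX, which can differ from
    # NIP-01's rules; the sample below does not exercise that case.
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False).encode("utf-8")

def compute_event_id(ev: dict) -> str:
    """Event id = lowercase hex SHA-256 of the canonical serialization."""
    return hashlib.sha256(serialize_event(ev)).hexdigest()

def id_is_bound(ev: dict) -> bool:
    """True only if the claimed id is the digest of the fields it travels with.
    This detects modification in storage or transit; it does not prove
    authorship, which additionally needs the signature over the id checked
    against pubkey."""
    try:
        return ev.get("id") == compute_event_id(ev)
    except (KeyError, TypeError):
        return False  # missing field or non-JSON value: reject

def tamper_report(ev: dict) -> dict:
    """Change each hashed field in turn and report whether the id check catches it."""
    mutations = {
        "pubkey": "b" * 64,
        "created_at": ev["created_at"] + 1,
        "kind": ev["kind"] + 1,
        "tags": ev["tags"] + [["t", "extra"]],
        "content": ev["content"] + "!",
    }
    return {f: not id_is_bound({**ev, f: v}) for f, v in mutations.items()}

# Constructed sample event; the pubkey is a placeholder, not a real key.
SAMPLE = {
    "pubkey": "a" * 64,
    "created_at": 1700000000,
    "kind": 1,
    "tags": [["t", "nostr"]],
    "content": "hello \"nostr\"\n",
}
SAMPLE["id"] = compute_event_id(SAMPLE)

if __name__ == "__main__":
    print(SAMPLE["id"], tamper_report(SAMPLE))
```

A client or relay that accepts an event on the id check alone is accepting an unauthenticated record, since anyone can compute a matching id for any pubkey they type in.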
Tim Bouma 5 months ago
Nostr is the protocol that keeps on giving. I’ve been following the debate in Open Identity Connect (OIDC) where bearer tokens can be used by anyone who intercepts them. Now there is a panic to further lock down the tokens. With #nauth, I don’t have to worry about this, because I effectively have what I am calling ‘channel-binding’. I have 100% assurance that whatever I send to another npub, only they can decrypt and use. No need to bind the bearer token for the purpose of transmitting between two parties. #nostr #safebox
Tim Bouma 5 months ago
CA:

- Certificate Authority
- Certified Assurance
- Con Artist