@Katelyn Mitalski I love your t-shirt designs. I used to dabble in submitting stuff to woot.com back in the day, but never really honed my craft.

Built some cool shelves for my kids' recent acquisitions

Instead of dunking on zcash for having a bug I think we should be thanking them for risking their bags to experiment with pioneering privacy tech.

NB: yesterday I discovered a flaw in pomade which allows a malicious client (with an authenticated/trusted session) to exfiltrate private key material due to nonce re-use. In practice, because clients are already trusted and frequently hold keys anyway, I don't think anyone is affected in practice (the only integration I'm aware of, Flotilla, doesn't execute this attack). However, if you run a pomade signer, please update ASAP. A two-stage upgrade process is available if you are running in production and have active clients: 1. Upgrade your signers to 0.2.6, which are backwards compatible with the vulnerable signing method. 2. Upgrade your clients to 0.3.0, which swaps out the sign method to a RFC-compatible nonce exchange + psig exchange. 3. Upgrade your signers to 0.3.0, which removes the vulnerable signing method.

Ironically, this is not great for decentralization. But people want users, and users want convenience. I'm doing it the best way I can — FOSS and protocol-first. View quoted note →

Hey @FLOWER I saw you tried out coracle hosting and ran into a syncing error — I've fixed it for you, please give it another try!

Just released: Coracle Hosting! https://hosting.coracle.social This is me trying to make money on open source. You can now PAY ME to get a HOSTED community relay by visiting https://hosting.coracle.social. https://hosting.coracle.social is powered by https://gitea.coracle.social/coracle/caravel, which uses https://gitea.coracle.social/coracle/zooid to cheaply run MANY relays on a SINGLE machine. What this means of course is that you can UNDERCUT my business model by deploying it on your OWN infrastructure and out-marketing me! Let a zillion flowers bloom! Here's the catch though — I'm going to be integrating this deeply into Flotilla, so — assuming I can get my act together and make Flotilla actually good — you'll never have a chance because I own the relationship with the user! However, please let me know if you decide to run Caravel seriously and I will consider adding you to the alternative hosting options in Flotilla. Some neat things about Caravel: - You can accept RECURRING payments with lightning via NWC, as well as by card. - It automatically provisions relays in the background using zooid's relay. - Virtual relays support livekit and blossom integrations if you enable them. - There is a free tier that provides a subset of functionality with a low member limit, so you can try it without any payment details. Give it a try and stress test my billing logic! There's only a slight chance I will accidentally charge you the wrong amount.

Discovering the hidden cost of rust today: 1 hour container builds on my teeny self-hosted gitea instance. Who needs Facebook to DDOS your code forge when you can do it to yourself?

Do people think https://github.com/coracle-social/pomade is a bad idea, or do you just not know about it? It enables login with email and email-based recovery for any nostr app. Keys are stored in a multisig quorum distributed across several parties. It's resilient to custodians going offline via m of n thresholds.