Luxferre

https://luxferre.top

Yes, that one. A voice from outside the echo chambers.
If you like my projects and ideas you can donate me with Monero (XMR):
86neopbgniu1bQ4EXL7oU6V6nFQE8VGebBpNbUVHWzPuFG1LH2Ca84eHFkqgNnEkC7ERrf4uXV2PXeMGREKXPYrb8qBFjzR

Public Key

npub163gcvh4dwwqm4yp2y7355tu9s7e6pzmqlcl3p78m7vm52fq7ej9s0g40f6

NIP-05 Address

[email protected]

Profile Code

nprofile1qqsdg5vxt6kh8qd6jq4z0g6297zc0vaq3ds0u0cslralxd69ys0vezcz3j2af

Publishing to

hodlbod.nostr1.com

nos.lol

nostr.einundzwanzig.space

nostr.mutinywallet.com

Author Public Key

npub163gcvh4dwwqm4yp2y7355tu9s7e6pzmqlcl3p78m7vm52fq7ej9s0g40f6

Show more details

Last Notes

2024-06-09 10:51:47

- reply

It's not POS, it's POW.

2024-06-05 12:15:10

Don't let your life turn into a cloud of hashtags.

2024-06-04 20:37:12

- reply

I'm just too busy solving my local problems here (and won't be active again until I solve at least the base layer of them), but if I had one word to say, it would be Kaspa.

2024-06-04 20:26:33

I am silent not because I don't have anything to say.
I am silent because there's nobody to listen to me here.
It's interesting how the words "listen" and "silent" are anagrams.

2024-05-30 13:26:42

Is it moral to scam the scammers?

2024-05-28 09:24:04

"Your plagiarism will be forgiven, your self-repetition will be forgiven, but if you don't bring any new ideas into this world, they will never forgive you"

2024-05-24 08:52:45

- reply

I used one (RAZR 2019). The cons are obvious: fragility and battery life. Very stylish though.

2024-05-20 14:32:12

- reply

What do I think about emojis? Hmm... Don't even know...
https://www.vice.com/en/article/wxnj49/this-string-of-emojis-is-actually-malware
https://cybersecuritynews.com/hackers-can-use-emojis-to-deliver-exploit-to-the-target/
First two results by searching "emoji exploit" on the webs.
I have nothing against the other two things but they are not to be in any program source code either.

2024-05-20 10:05:06

- reply

I've had a writeup on it some time ago: https://hoi.st/posts/2023-07-24-syntax-off.txt

2024-05-20 06:43:27

> In 2024, a phone (as well as a paper notebook, for that matter) is much more likely to be searched or confiscated than a cheap Casio digital watch (unless it says F-91W, because, you know... stereotypes).
https://hoi.st/posts/2024-05-20-a-look-from-another-side-again.txt

2024-05-20 06:32:11

If a programming language is unreadable without syntax highlighting, it's pretty much useless with it as well.
#syntaxoff

2024-05-09 12:00:05

- reply

Well, then you know what I'm talking about. Just compare Ted Nelson's ideas with this cryptobro hipster level-7 pseudo-decentralization circus that some of them are calling none less than "internet 2.0".

2024-05-09 11:13:10

Being a visionary is not enough to get things going.
Remember Xanadu?
Just as I thought. Because if you did, it would be the bane of your existence.

2024-05-09 10:42:45

Is it just me baffled about how many scam exposing videos promote other scams as their sponsorships?

2024-05-08 11:27:58

The word "scarcity" sounds like a city of scars. Maybe that's what it really is.

2024-05-07 12:25:14

- reply

I mean, mp3s are usually not recompressed by any CDN, so the question is whether or not the excess is truncated.

2024-05-06 09:08:43

- reply

Yes, this one does work.

2024-05-02 16:57:58

- reply

They run Faildows and still think a VPN will protect them from anything. Let that sink in.

2024-04-30 18:01:47

- reply

Some free speech is freer than other, it seems, if one puts enough resources into it.
Those who shout the loudest (e.g. with a gov't sponsored botfarm) will always mute the voices of sanity.
I've spent enough time on unregulated media to confirm this: where the mainstream propaganda is silent, "anti-mainstream" and equally absurd propaganda rises.
Nostr doesn't seem to be an exception as of now.

2024-04-30 17:41:36

- reply

The internet 1.0 was designed by real engineers, not hipster cryptobros who don't know anything lower-level than JSON and websockets and piggypack off the ready-made inventions taken for granted at OSI level 7.
Remove internet 1.0 et voila, Nostr, at its current state, is nothing. Recreate all the levels and then you'll be able to call it like that.

2024-04-30 17:33:02

- reply

#sned

2024-04-29 17:44:09

Censorship-resistant, you say?
https://media.nostr.build/av/e257c74735fec912e7129d2496679dacb26aa53e838c6a1a11cdc63dd92534f3.mp3 https://media.nostr.build/av/e7694fc69016f05145d0fec66c7f14e40c5497d49d67f63e49c7c327ea3137c5.mp3

2024-04-28 11:06:38

For the context, the previous post was about Citizen PMD56-2951 I still haven't got, but I have got a Pixel Tablet and the first thing I did was installing GrapheneOS on it. Luckily, this is the instance where there's no IMEI to change and where rooting isn't so relevant for me.

2024-04-28 09:24:47

"Aren't you afraid to experiment with such expensive things?"
"No. I'm afraid to have them and not be able to experiment with them"

2024-04-24 16:15:57

- reply

By the amount of shit its fanatics talk about everyone else, Bitcoin is the OG shitcoin.

2024-04-22 16:39:24

Those who view the time on their phones, by the way, represent a pre-wristwatch era of pocket watches, only now they are much bulkier, less reliable and allow their manufacturers, governments and various third parties to track their owners.

2024-04-17 15:48:09

- reply

"Junk on top of junk" is exactly what JSON on top of WebSockets on top of HTTPS is. At least in terms of wasted CPU cycles and energy watts.
SMTP is just as censored as the underlying infrastructure. Run it e.g. on the Tor layer and you won't have to deal with DNS, DMARC etc. I only gave it as an example of an already established transport that everyone can build upon (and it's not the protocol's fault it has been heavily misused by big players on the clearnet). And more importantly, it's plaintext, human-readable (except MIME extensions for attachments) and can be debugged without all those fancy tools. And this example was given because, from what can be seen from outside, Nostr tries to reinvent the same functionality + mailing list servers' one. Just wrapping everything into more opaque binary layers than it should.

2024-04-17 12:34:51

- reply

Just insert a wallet address into your mail signature (not S/MIME signature but the one under the text) and have clients recognize it as a clickable one. There you go.

2024-04-17 12:22:00

- reply

That's why someone must fund a glorified overcomplicated parody on SMTP, right?

2024-04-17 10:52:00

- reply

I have ready answers even though I haven't seen the particular list of questions, but I don't want people to lose the reason to exist. They genuinely believe they're working on something innovative and useful. Truth can be hard.

2024-04-16 21:44:14

- reply

No one controls email.
Stop asking for permission... the rest of the text is the same.
Host your own email servers and mailing lists. No need to reinvent the wheel.

2024-04-16 15:46:49

Let's get real.
Notes == PGP-signed emails\*.
Relays == mailing list servers.
Feeds == filtered views on those servers.
What's new here, besides all this json/websocket/ecc bloat and cryptobro-hype?
Everyone can run a mailing list server. All this stuff has been around since 1990s.
#NIHsyndrome is so NIH.
\* (offering much more signature options)

2024-04-16 14:52:40

I'm still genuinely stunned with the amount of effort some people put into constantly creating problems for themselves and then heroically overcoming them.
It gets, however, much worse if others have to be involved in this too.

2024-04-15 13:30:48

Orange Pi Zero + quality Bluetooth adapter + Bluetooth speaker + BlueALSA + mpd = nice Internet-enabled jukebox.

2024-04-14 08:09:31

- reply

What is VC? I already am too old so VBA is Visual Basic for Applications for me, and VC is something like... Vacheron Constantin, idk.

2024-04-13 18:52:52

Cyberpunk not cyberdead. #DWB5600
https://image.nostr.build/2266ef86a295c766bad4e8d768e370688d9803adb00c75fb857c2cd008648900.jpg

2024-04-13 07:54:25

- reply

Who said it's for sale in the first place?
There are many things in this world that are not supposed to be monetized yet still remain useful.
Of course, if you're talking solely about Nostr clients, it's very far away from art. Starting with the protocol itself.

2024-04-13 07:49:13

- reply

There's no fundamental problem with FOSS.
There is a problem with the modern pandemic that (regarding software) started back in 1990s, I guess. When megacorps began turning art into "products" as a part of their anti-individuality vision.
People also got used to "products" instead of engineering artworks. And now, whenever they essentially look at a Jacquet Droz automaton, they expect it to perform like a Teslabot. Of course, not even realizing that Teslabot is mostly vaporware.
The true art and the remaining hope for the software world now lies at the intersection of FOSS and demoscene. Doing this for your own amusement, as optimized as you can, making it work on the weakest hardware, not being bothered that some square-minded rookies can't read what you write, and sharing your knowledge with the rest of the world, for those who can and do understand and appreciate it.

2024-04-08 10:11:56

Unpopular opinion: [Free|Svar]DOS is underrated.
https://hoi.st/posts/2024-04-08-a-few-more-words-about-dos.txt

2024-03-22 18:29:38

- reply

https://bitcart.ai
Fully self-hosted and open-source, servers.guru uses it, as an example.

2024-03-22 18:14:21

- reply

Bitcart is fully self-hosted. Servers Guru uses it, as an example.

2024-03-22 17:25:02

- reply

I don't see bitpay as often as coinpayments, cryptomus, bitcart, whitebit and others that just allow you to send crypto directly from your own wallet to the specified address.

2024-03-22 15:35:52

- reply

You can search for some examples at cryptwerk.com, but the list is quite incomplete there.

2024-03-22 15:34:55

- reply

Still, your address isn't tied to your name (and it won't if you do everything right) and if your balance doesn't exceed six figures (which it shouldn't if you do everything right) then you're much less likely to be noticed by Tether than by your local bank/govt in case of paypal.

2024-03-22 14:36:56

- reply

Ok. I studied the USDT contract again and it looks like yes, the contract owner has a possibility to blacklist individual Tron addresses as well. Nasty. https://tronscan.org/#/contract/TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t/code

2024-03-22 14:18:26

- reply

AFAIK there is no possibility of targeted freezing of USDT-TRC20 transactions on the token smart contract level.
Is there any proof that it can ever be done on the Tron network?

2024-03-22 12:15:02

- reply

Signal is available outside of Android, but you still need Android (or iOS) to use it outside of Android, which kinda defeats the purpose. As far as I remember, this BS was modeled after WhatsApp.
The issue with spam is mostly related to numbers leaking elsewhere.

2024-03-22 11:33:07

While packing a bunch of keypad phones (16, to be exact) and three androids to bring to my best friend tomorrow, I caught myself in the following thought.
There exists only one kind of people I really envy nowadays: those who can live without a cellphone at all.

2024-03-22 09:32:41

- reply

Spam deterrence? There is a lot of Signal-targeted spam these days, specifically through the leaked number databases. It has almost reached the WhatsApp/Viber level of scale where I live. Convenience and security rarely go hand in hand.
If someone uses iOS, what kind of privacy are we talking about, regardless of what's being offered on the application level? It's like typing in the most secure password manager on a keyboard with a hardware keylogger embedded into it. Those who use iOS look like someone who deliberately wants to get pwned, and if one really is privacy-serious, any apple (as well as m$ and google and xiaomi/huawei/etc) products are the first things to get rid of unless you can install a fully custom FOSS system on them. If possible, I'd advise to get rid of anything with non-removable batteries either (unless you can Faraday-cage those things when necessary), but, alas, as of now I can't follow this recommendation myself.
Don't get me wrong, I salute any privacy-improving effort, but a service running on top of the the stock irreplaceable vendor's spyware and collecting phone numbers (which are sometimes totally KYC in some countries, luckily not in mine... yet) upon registration hardly looks like any improvement. And to those who don't know the real deal (and don't buy temporary SMS verification specifically for this purpose), such services can give a false sense of privacy and an illusion of safety. Because you know, there are some places where you can get arrested just for using encrypted calls. With exposed numbers, it is too easy to confirm that you are you (even if they are not KYC but used for PSTN calls or other signups). So, even to noobs, I'd recommend Linphone or SimpleX instead.

2024-03-22 04:51:22

- reply

Yep, something like that. Except it's not 2009 anymore and we have some cryptos that suit the cypherpunk philosophy much better. They even get delisted for this.

2024-03-21 18:51:20

- reply

You really like having no alternative to using touchscreen bricks with preinstalled bloatware and illusions of choice, I get it.
Really makes it worth revisiting my attempts to put together a SIP client for KaiOS 2.5.x whenever I have enough time. Although KaiOS is a huge mess on it's own, it's at least _some_ alternative when it comes to userspace.

2024-03-21 18:43:29

Why is SimpleX praised so much here if it offers no desktop client, let alone CLI?
Again, this imposes obeying mobile duopoly for no real reason.

2024-03-21 17:50:18

- reply

Here's what the official website says:
> To use the Signal desktop app, Signal must first be installed on your phone.
What if I don't have a phone (in fact, pocket PC) where Signal can be installed? Like, at all. I'm a keypad maxi.
Of course I do have some Androids as well, but what if I don't?
Why do they make this so fucking complicated for those who really are freedom-first? Even Telegram doesn't care where you're registering from.

2024-03-21 10:49:57

- reply

Thanks. Where did you get the numbers to register on Signal, by the way?

2024-03-21 10:40:00

- reply

Linphone is integrating quantum-resistant algos into their ZRTP implementation (for now it would be in case of Linphone-to-Linphone calls, of course). How more modern can it be at the moment?
That's point number one. Point number two: SIP (and XMPP, for that matter) addresses look just like email addresses, sans the sip: part. Everyone has an email. Is it any harder than a phone number for normies to remember or what? I'd understand some people can dislike Tox for having long IDs, but this? Come on.
I guess they just want the Big Brother to choose for them. That's the main problem.

2024-03-21 10:27:26

- reply

We aren't surprised that most blockchain nodes do the same, are we?
Except Mina, but even it supports so-called "archive nodes".
Yes, they should.

2024-03-21 09:55:01

- reply

Yes, and I think this broadcast=true&global=all should be set by default unless explicitly requested by the client to keep the note on this relay only.

2024-03-21 09:49:26

- reply

No, I mean across all of them. Every relay should be like Blastr.

2024-03-21 09:47:48

- reply

In the interest of censorship resistance, this should be the default (and opt-out) behaviour. One shouldn't have to get through all sorts of hoops to get heard.

2024-03-21 09:40:13

- reply

Because you can't make all people use one, and you can't make fiatjaf change the spec to propagate notes across relays automatically like SMTP servers do.

2024-03-21 09:13:44

Ok, Linphone-to-Linphone end-to-end encrypted (ZRTP) calls work just fine even across different providers (SIP2SIP and OpenSips, in my case), different networks (Starlink and my carrier's LTE) and different devices (Android and desktop Linux). One of them was connected via TLS, another one via plain TCP. The call still was end-to-end encrypted. So remind me again please, why do you need Signal, WhatsApp, Telegram and other number thieves?

2024-03-21 05:55:28

- reply

More consumption is never a viable answer.
Privacy and security is important to me. But it can be achieved without the elevated NIH syndrome. Even without Tox (although why not?). Just adopt XMPP+OTR and SIP+ZRTP. Plenty of clients and servers out there. Proven track record. Works everywhere.
Gonna do some Linphone-to-Linphone test (Arch Linux to Android) to see if ZRTP is still properly supported on both.

2024-03-21 05:39:11

- reply

Can I use SimpleX on my 15-year-old Macbook Air with bare-console Alpine Linux? Because I can use SIP+ZRTP and XMPP/OMEMO clients there. And they provide thr same level of security while not tying us to modern hardware.
Can I even use simplex on an old Android 4.4, to start with?

2024-03-21 05:14:29

- reply

Why use anything that requires giving away your phone number when you can use just about any Tox or Matrix client?

2024-03-21 04:29:21

The word "bitcoiner" is as pejorative as "youtuber": someone who turned the means into a goal of its own, sacrificing the quality of what it was initially used for.

2024-03-21 02:50:24

- reply

Why are pirates and pirates pronounced differently?

2024-03-20 09:59:53

- reply

I don't see healthcare data anywhere in the app. Marketplace, Live, Community, Chats, Notifications... Did I miss something? Version 0.85.3.
Anyway, please offer something better at the moment. Something that I won't have to decompile.

2024-03-20 09:50:22

- reply

On Android, I use Amethyst solely because Nozzle plain sucks, and I don't see any FOSS alternatives as of now. I didn't even open that tiktok-like and marketplace tabs a single time until you mentioned them.

2024-03-20 09:45:41

- reply

I like how OsmAnd developers did. On Google Play, there are two versions: just OsmAnd (free of charge with some map count limitations) and OsmAnd+ (paid, without limitations). On F-Droid, there is OsmAnd~ (free and without limitations). Like, those who don't know about F-Droid and are fine with Google's spyware must pay for their ignorance.

2024-03-20 09:33:42

- reply

Which ideas are you talking about? This is just an Android Nostr client. Whoever wants to steal its ideas won't have to wait until it becomes open-source. Most liekly, they won't even have to reverse-engineer anything, they will just look at it. It's not a big effort to clone any client if there is enough motivation. Which motivation is here? Insert your own ads or what?
Meanwhile, freedom-loving users are tied to Google dependency or forced to fetch some outdated version from Aurora. Nah, I'll use Amethyst from F-Droid instead.

2024-03-20 09:22:17

- reply

It is not a problem at all if your business model isn't solidly based on selling thin air and if you are not planning to suddenly rip off your userbase in the future.
This ripoff can be in the shape of Telegram Premium, but it also can be in the shape of Atomic Wallet, if you know what I mean.
Honest and large FOSS projects often offer paid support and other bonuses that don't hamper the trust in the main codebase.

2024-03-20 09:14:53

- reply

Internet encourages vaults and bunkers instead. If you don't want your tech to be stolen (whatever you mean by this), don't publish it anywhere in the first place.
Besides, reverse engineering is not stealing if it's not done for any profit but just to make sure this is not malware.

2024-03-20 07:04:59

- reply

If I want to excercise "anti-competitive practices", I'll curb my dignity and launch Google Play. install it from there and export and decompile the apk.
I could have done this from security analysis perspective as well, but the point is, open protocol client should not require users to do that. Stick to twitters and blueskies with that corporastic mentality. Open protocol — open clients and servers. Period.

2024-03-20 06:50:39

- reply

I switched to spa-to-http because I don't want to interact with neither creepy ass deepstate companies nor with russians.

2024-03-19 18:34:14

- reply

Yes, because everything is a trojan until proven otherwise.

2024-03-19 14:36:58

- reply

Where is the source code?

2024-03-19 13:23:29

I think RC4 is being treated unfairly.
If I post a gigabyte-large file and the only thing you know about it is that it's been encrypted with RC4-drop777, will you be able to crack it?

2024-03-18 20:26:17

Hmm. Companies tend to react to any security flaws found in their billing much quicker when they are not just reselling flatrate-bought services.

2024-03-18 05:50:52

- reply

The most boring money is called Tether. Really, if you pull your head out of sand, you'll see people use USDT-TRC20 for transaction convenience the most. Heck, I have some too (because fuck ERC20 with those fees). But will I use them for any serious business? No, I'll use Monero... or whatever will suit my privacy needs best at the moment, because I'm not a slave of brands and dogmas.

2024-03-17 09:34:13

- reply

*to 80% of the world

2024-03-17 09:27:36

- reply

Get a life, seriously. Turning into a sect won't help the cause.
Your bitcoin is traceable by design, nothing can be done about that. You still need to move some funds on-chain to open a channel. That's the moment you're busted. Or your node operator, to start with.
I see posts about "no-KYC sats" here and there. Would that even be an issue which sats are KYC and which are not if the onion routing helped?
L2 "solutions" won't solve the problems rooted in L1. They are merely crutches. And crutches break over time.

2024-03-17 07:50:00

No, I'm not living in the past with all my fountain pens, keypad phones, pocket calculators and slide rules, cassette and CD players, longwave-enabled and mechanical wristwatches and dreams of bringing back POCSAG and NMT.
I'm living in a very probable future that will come when the bubble bursts.

2024-03-15 11:42:23

L2 "solutions" are never the answer to the problems rooted in L1. They are merely crutches. And crutches tend to break over time.

2024-03-15 07:18:31

- reply

Licenses are the concept invented by governments in the first place. So the answer should be obvious.

2024-03-15 07:05:49

- reply

No. Feels like it's tome to move on to better blockchains that cannot let them trace you.
I don't have a zap wallet attached but I have a Monero address in the profile description.

2024-03-14 07:22:20

And also, are there any options of buying a virtual PSTN number for SIP calling with crypto (and non-KYC, of course) and topping it up with crypto as well? I know about JMP.chat but I need SIP, and not in an experimental status, and I shouldn't be charged for *incoming* calls, no carrier does this here.
I could have stuck with my Intertelecom number but I need to get more global.
#asknostr

2024-03-14 07:12:12

- reply

Some Qualcomm 845-based Xiaomi with DivestOS, or anything that can fully run PostmarketOS (non-Android, pure Linux).

2024-03-13 22:13:49

- reply

Just restored my sip2sip.info account.

2024-03-13 20:35:29

- reply

SIP providers are plenty: Sip2Sip, OnSIP, AntiSIP, pbxes, Ekiga, IPtel, Linphone itself, not to mention various SIP-to-PSTN providers like ippi and various Dellmont clones. For pure SIP, I used AntiSIP most.

2024-03-13 10:30:14

- reply

If you do need something as bloated as IDEA, then something is wrong from the start.
But that's not the point. The point is: "create a virus and then make users pay for the antivirus" business model always has worked on those who can't see any other option.

2024-03-13 10:25:23

- reply

But we can study these libraries and decide whether or not to trust them.
Those "trade secrets" often contain algorithms taken from FOSS or ripped from other companies' software.
I guess this issue will only be over once IT businesses will be obliged (by regulations or by natural selection — time will tell) to sell real work, not thin air in the shape of binary copies and license keys.
But the sad truth is, more and more companies just use this "trade secrets" excuse to conceal their own (or govt-issued, who knows) malware in their products. Oftentimes, they don't even try to hide this in their EULAs, which basically say "once you install this on your computer, it's no longer yours but ours".
Many Faildows users still don't realize how large of a technogenic catastrophe this could cause if M$ decides to flip the switch.

2024-03-13 09:36:11

- reply

Ok, I understand, you use Relai the way I use [redacted] (obviously can't disclose the name yet) to onramp fiat. But then, it's not so relevant whether it's non-custodial in this case. Of course, one should move the funds out to a more secure/trusted place immediately after onramping.
It just might be confusing and/or misleading to put an equal sign between real non-custodial wallets that have no interaction with fiat/banking (and no reason not to be FOSS) and those who do provide onramp/offramp and thus have to comply with the rules of fiat world.

2024-03-13 08:59:10

- reply

People put a lot of effort into Unstoppable Wallet and made it open-source and available for everyone and made independent audit results public. This is how it should be, especially when it comes to money storage.

2024-03-13 08:55:54

- reply

Everything is a trojan until proven otherwise. With closed source, it's next to impossible to prove otherwise.

2024-03-13 08:48:55

- reply

But non-FOSS. Hence non-useful.

2024-03-13 08:47:24

Ok, so CSipSimple, Lumicall etc are pretty much dead on Android 14. Linphone and SipDroid are alive, bu the second one is unusable.
So, which FOSS alternatives of Linphone exist at this point?

2024-03-12 11:06:14

- reply

Gitea is a bit bloated too. I use bare repos on the VPS and stagit (with spa-to-http container) to provide a web interface for them.

2024-03-11 07:53:01

Did you know that POSIX standard specifies offset display support for "strings" utility? https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/strings.html
Very useful for pure-shell-based patching of some text in binaries (in combination with dd, of course)

2024-03-10 22:03:20

OK, temporary IMEIs working. Not every time (those damn AT command timeouts or whatever) but I did see another model on my carrier's page. #GrapheneOS spokespeople were wrong, and it's just the beginning of my quest.
The Graphene Saga: part 1 https://hoi.st/posts/2024-03-11-the-graphene-saga-part-1.txt

2024-03-10 13:06:25

- reply

I like their domain name though.