ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

me@mleku.dev

npub1fjqq...leku

salty milk is GFY "𝔅𝔢 𝔠𝔞𝔯𝔢𝔣𝔲𝔩 𝔣𝔬𝔯 𝔫𝔬𝔱𝔥𝔦𝔫𝔤; 𝔟𝔲𝔱 𝔦𝔫 𝔢𝔳𝔢𝔯𝔶 𝔱𝔥𝔦𝔫𝔤 𝔟𝔶 𝔭𝔯𝔞𝔶𝔢𝔯 𝔞𝔫𝔡 𝔰𝔲𝔭𝔭𝔩𝔦𝔠𝔞𝔱𝔦𝔬𝔫 𝔴𝔦𝔱𝔥 𝔱𝔥𝔞𝔫𝔨𝔰𝔤𝔦𝔳𝔦𝔫𝔤 𝔩𝔢𝔱 𝔶𝔬𝔲𝔯 𝔯𝔢𝔮𝔲𝔢𝔰𝔱𝔰 𝔟𝔢 𝔨𝔫𝔬𝔴𝔫 𝔲𝔫𝔱𝔬 𝔊𝔬𝔡. 𝔄𝔫𝔡 𝔱𝔥𝔢 𝔭𝔢𝔞𝔠𝔢 𝔬𝔣 𝔊𝔬𝔡, 𝔴𝔥𝔦𝔠𝔥 𝔭𝔞𝔰𝔰𝔢𝔱𝔥 𝔞𝔩𝔩 𝔲𝔫𝔡𝔢𝔯𝔰𝔱𝔞𝔫𝔡𝔦𝔫𝔤, 𝔰𝔥𝔞𝔩𝔩 𝔨𝔢𝔢𝔭 𝔶𝔬𝔲𝔯 𝔥𝔢𝔞𝔯𝔱𝔰 𝔞𝔫𝔡 𝔪𝔦𝔫𝔡𝔰 𝔱𝔥𝔯𝔬𝔲𝔤𝔥 ℭ𝔥𝔯𝔦𝔰𝔱 𝔍𝔢𝔰𝔲𝔰" - 𝔓𝔥𝔦𝔩𝔦𝔭𝔭𝔦𝔞𝔫𝔰 4:6-7 ᴛᴇʟᴇɢʀᴀᴍ: @mleku1 ᴍᴀᴛʀɪx: @mleku17:matrix.org ꜱɪᴍᴘʟᴇx: https://smp15.simplex.im/a#PPki

mleku 1 month ago

No longer need to run amethyst on my phone, I has https://smelt.mleku.dev Will have a native signer soon too. It's mostly done writing, now for debugs and tweaks.

mleku 1 month ago

announcing wss://archive.orly.dev/ - a relay fed by an aggregator that is eating the entire nostrwebs. no idea how long it will take to get everything but then after that, it will stay up to date and be a solution for "note not found" by adding it to your client relay list.

mleku 1 month ago

oh yeah. wss://relay.orly.dev/ is now running on a single core 6gb ARM as the only service on the VPS. should be a lot more reliable running now, and the web address

ORLY?

lets you log in and access the UI. only my follows can actually do very much. bunker signer with background service coming soon, integrates with

Smesh

A user-friendly Nostr client for exploring relay feeds

client, a jumble fork, using Cashu Access Tokens to get anonymous access to the relay for bunkker rendezvous with the signer in your client. both install as PWAs so this means nsec isolation (safe nsecs) without any nonsense on mobile. and when more clients support this protocol, we can move auth to the http layer of the stack using cashu tokens issued by relays to regulate access without making identifiable connections between traffic and identities.

mleku 1 month ago

new client just dropped

Smesh

A user-friendly Nostr client for exploring relay feeds

forked from jumble, cleaned up a lot. has initial support for CAT but not fully working yet. i'm going to put a signer into the orly web ui console, simple place to put it and no rigmerole with forking an android app. it will be a signer on mobile as well as access to your relay ui

mleku 1 month ago

https://git.mleku.dev/mleku/next.orly.dev/src/branch/main/docs/NIP-XX-CASHU-ACCESS-TOKENS.md a cashu cryptography access control system that preserves anonymity completely if combined with use of tor.

mleku 1 month ago

ʀᴜɴɴɪɴɢ ᴍʏ ꜰᴏʀᴋ ᴏꜰ ᴊᴜᴍʙʟᴇ ɴᴏᴡ, ᴀʟʀᴇᴀᴅʏ ʟᴏᴀᴅꜱ ᴏꜰ ʙᴇᴛᴛᴇʀ ᴛʜɪɴɢꜱ - all settings except for single/double pane are synced across logins to the same npuub - ugly bottom bar is replaced with a side drawer of the full labeled menu in mobile phone sizes (768px and smaller). i am building an auth extension that uses time-limited cashu tokens issued by the relay in the web UI interface, which can be accessed using an extension signer on desktop. this shows a qr code of the token which the client can then scan and store alongside the standard bunker strings. it puts this token in a http header, and the relay recognises this and allows the user to connect to do nip-46 messages (mainly, kind restricted). it will be build so it can be used for any context, so it could also replace auth completely, and it's cashu, because all the cool kids like cashu. cashu vouchers. i'm sure i'm not the first to talk about it on nostr but i was so close to figuring it out back in 2013, i just didn't bump into chaum. by using standard cashu format and algos, i leverage what exists, and create an access token that does not identify the user, only the validity of the token. this might actually be a new nip altogether, one that i may not even have much trouble getting added. only caveat is that it probably needs a token request protocol as well. i was just using nip-98 for that. well, yes, that is fine, has to be there, so i'm making a spec NIP-XX Cashu Access Tokens, the token issue protocol, and the http header auth protocol. this is an actually useful and non-cumbersome form of cashu cryptography usage. it could be used for anything, i'm just making it into an extensible, programmable firewall that allows time based service acccess, which is the simplest and easiest to plan with. the pay part is outside of the domain of the access control, and time limited tokens are the standard for a reason, and because of blinded signatures, this works purely as an attestation from the relay that the user has valid access granted, without identifying other than the time window of the subscription. this is to allow any others, i guess it also needs a metadata/configuration. for now just starting with something simple and if it seems like it needs more, i will add, only add, never take away.

mleku 1 month ago

ɪ am ᴅesɪɢnɪnɢ a casʜu ᴛoᴋen ʙaseᴅ auᴛʜ ᴛo aʟʟow reᴛaɪnɪnɢ ᴛʜe 𝔞𝔫𝔬𝔫𝔶𝔪𝔬𝔲𝔰 nɪᴘ-46 ʙunᴋer ᴛraꜰꜰɪc, ʙuᴛ wɪᴛʜouᴛ ᴛʜe sᴘam vuʟneraʙɪʟɪᴛʏ. ɪ suᴘᴘose anʏ reʟaʏ couʟᴅ ɪmᴘʟemenᴛ ɪᴛ ʙuᴛ ORLY? wɪʟʟ ʜave ɪᴛ soon, as ɪ am usɪnɢ ɪᴛ ᴛo enaʙʟe usɪnɢ ᴛʜe reʟaʏ wɪᴛʜ nɪᴘ-46 wɪᴛʜouᴛ ʟeᴛᴛɪnɢ everʏone use ɪᴛ, nɪᴘ-46 ɪs ʙuɪʟᴛ on a ᴘremɪse oꜰ reʟaʏs wɪᴛʜ ɢɪɢaʙɪᴛs oꜰ ᴛraꜰꜰɪc caᴘacɪᴛʏ, ᴛʜɪs oʙvɪousʟʏ ɪs unsuɪᴛaʙʟe ꜰor a ʜome-ʜosᴛeᴅ connecᴛɪon on 100mʙɪᴛ or ʟess. ᴀɴᴅ ᴛᴏ ᴜꜱᴇ ᴄᴀꜱʜᴜ ᴀꜱ ᴀ ɴᴏɴ-ᴍᴏɴᴇᴛᴀʀʏ - ꜱᴘᴇᴄɪꜰɪᴄᴀʟʟʏ ʟɪᴋᴇ ᴀ ᴢʜᴇᴛᴏɴ ᴏʀ ᴄᴏᴜᴘᴏɴ. ɪᴛ ɢɪᴠᴇꜱ ᴍᴇ ɪᴅᴇᴀꜱ, ɪꜰ ᴛʜɪꜱ ᴄʀʏᴘᴛᴏɢʀᴀᴘʜʏ ɪꜱ ɴᴏᴛ ᴇxᴄᴇꜱꜱɪᴠᴇʟʏ ᴄᴏᴍᴘᴜᴛᴇ ʜᴇᴀᴠʏ, ɪɴ ɢᴇɴᴇʀᴀʟ, ᴡʜɪᴄʜ ɪ ᴄᴀɴ ᴛʜᴇɴ ꜱᴡᴀᴘ ᴏᴜᴛ ᴜꜱɪɴɢ ʟɪɢʜᴛɴɪɴɢ ᴋᴇʏꜱᴇɴᴅꜱ ᴏɴ ɪɴᴅʀᴀ ᴀɴᴅ ᴜꜱᴇ ᴛʜɪꜱ ᴛᴏ ʙᴜʏ ꜱᴇꜱꜱɪᴏɴ ᴛᴏᴋᴇɴꜱ ᴡɪᴛʜ ᴄʟɪᴇɴᴛꜱ - ᴜꜱɪɴɢ ᴋᴇʏꜱᴇɴᴅꜱ. ɪ ʜᴀᴅ ᴍᴀᴅᴇ ᴀʟʟ ᴛʜᴇ ᴀᴄᴄᴏᴜɴᴛɪɴɢ ꜰᴏʀ ᴛʜᴀᴛ ꜱʏꜱᴛᴇᴍ ʙᴀꜱᴇᴅ ᴏɴ ᴅᴀᴛᴀ ᴀᴍᴏᴜɴᴛ ʙᴜᴛ ᴛɪᴍᴇ ʙᴀꜱᴇᴅ ꜱᴜʙꜱᴄʀɪᴘᴛɪᴏɴꜱ ᴀʀᴇ ᴍᴜᴄʜ ꜱɪᴍᴘʟᴇʀ ᴀɴᴅ ᴏɴʟʏ ɴᴇᴇᴅ ᴏɴᴇ ᴘᴇʀ ɴᴏᴅᴇ.

mleku 1 month ago

StillWaiting.jpg for people to realise auth is mandatory.

mleku 1 month ago

some musings about nip-46 bunkers they are a target for spammy auth requests, through the relays, which could be client and "relay" on the same point and hammer it with request and response traffic. so, what i'm doing with #ORLY?🦉 is adding a wireguard server to it, and for all whitelisted users, it generates wireguard conection keypairs, which the user can access if they prove they hold the nsec matching the keypair (either by signer extension or direct key input, i was asked to add that capability to orly's web UI, this enables doing it all on your mobile device) then there is a QR code with the wireguard connection config details, which you can tap or click to copy to the clipboard, and then you paste that into a wireguard client on the mobile device, which will contain a wireguard address endpoint that this key is authorised to connect to, thus adding auth to the bunker for a relay with pying/whitelisted users. the only run-around required is adding the wireguard connection to the user, and this listener only allows bunker sign requests, and nothing else, in case it was separately breached it would not open it wider than this. having a web ui for the relay is key to making this possible. it will also have a nip-98 authed enpdoint to request a new one to be generated for an npub that is whitelisted, and then the user can see that in the UI when they log in, and set it up on their wireguard client, which then gives a path for the client to acces the relay using nip-46 bunker in a way that only whitelisted users can use it. annoying. i was wondering why i couldn't use orly as a bunker relay. lol. yeah, the usual shit. auth isn't part of the protocol yada yada fredumbs.

mleku 1 month ago

ᴅᴇᴄᴀʀʙᴏɴɪᴢᴇ - ᴛᴏ ʙᴜʀɴ ꜱᴏᴍᴇᴛʜɪɴɢ ᴜɴᴛɪʟ ᴀʟʟ ᴛʜᴇ ᴄᴀʀʙᴏɴ ɪꜱ ᴇʟɪᴍɪɴᴀᴛᴇᴅ

mleku 1 month ago

charcoal is the best fuel for indoor heating imo. burns perfectly clean, pressed into balls it has a very even burn, energy density is max. anthracite coal can be slightly better but i think the price margin is not so great, if you can even find it. also, i just learned about retort charcoal kilns, they use far less wood because it just basically reaches the right temperature to carbonize everything and the gas that vents off goes back kin to mix with the air and flames and around it goes. -