Flotilla 1.6.3 is out — this is a bugfix and quality of life release, which is good because it turns out there were a lot of bugs. Changelog: * Fix scroll down button z index * Hide tooltips on mobile * Sort comments ascending * Make video embeds rounded * Fix ProfileMultiSelect styling * Accept hex pubkeys/npubs/nprofiles in ProfileMultiSelect * Tweak room edit form design * Report pending signer to user * Update default relays * Fix chat list responsiveness * Fix memory leak, notification badge not showing * Improve space join flow * Fix opening images in fullscreen dialog * Add support for blocked relays * Add login with key if no signer is detected * Publish default relay selections on signup And especially for @hzrd149 I added AUTH policy settings, which allow you to avoid authenticating with the entirety of the nostr network. Available now on web and Zapstore, in the pipeline for Android and iOS.

@KoalaSat I'm looking into using pokey for push notifications in flotilla, but the default outbox model paradigm isn't really going to work. Have you considered using intents or something to allow other applications to register notification configurations? E.g., flotilla wants to get notified of all kind 9s on relay X, sends that via intent to pokey, user approves, and pokey broadcasts those events. This would be great for UX, and would cover advanced use cases.

Check it out, bitcoinwalk.org is now powered by flotilla! View quoted note →

I've been using OpenCode Zen with Opus 4.5 the last few days at @Alex Gleason's insistence, but I've found that it's way more "hot" than Claude. I have to keep a very tight leash to keep it from going off the rails with ill-considered refactors. The way that Claude Code eliminated this behavior is why I finally started having success with vibe coding. Anyone know how to turn the temperature down a little?

Is there an event kind that specifies how nostr clients should deal with AUTH? I'm thinking a whitelist of some kind. Also settings for whether to auth automatically, only when getting an auth-required, or nover.

Whoever runs nos.lol, you should remove nip 77 from your supported_nips instead of return errors when negentropy is used

@verbiricha I sent you a DM, we should catch up

Re-posting to a new timezone: I'm still looking for reviews of the pomade protocol — also, if you're interested in using this project or hosting a signer please let me know. View quoted note →

Here's another demo of Pomade, this time integrated in Flotilla! I still need eyes on the protocol, so please give it a read and let me know your thoughts:

GitHub

GitHub - coracle-social/pomade: Email recovery protocol and implementation for nostr multisig signers.

Email recovery protocol and implementation for nostr multisig signers. - coracle-social/pomade

Am I the only person who struggles to figure out what the slug of a model is given the name? How am I supposed to know that `MiniMax M2.1` should be referred to as `opencode/minimax-m2.1` ?

Jesus tells us to "love the Lord your God with all your heart, with all your soul, with all your mind, and with all your strength." (Mark 12:30) Paul tells us that we are also to "walk in love, as Christ also has loved us and given himself for us." (Ephesians 5:2) God commands us to love him as he has loved us. In other words, he has loved us with all his heart, soul, mind, and strength. In a sense, God has worshiped us. Don't get me wrong, he has not attributed any of his own attributes to us — we remain creature, and he, creator. But he has in a very real way subordinated himself to our good — Jesus "made himself of no reputation, taking the form of a bondservant, and coming in the likeness of men." (Philippians 2:7) This is the God Christians worship. One who has taken worthless creatures and raised them to glory, amplifying his own in the process.

I should have mentioned what Pomade is — it's a multi-sig signer implementation with email-based login and recovery. View quoted note →

Pomade is getting closer — take a look below for a demo video, or try it out yourself at https://pomade.onrender.com. For more details, take a look at the repository at https://github.com/coracle-social/pomade. I am currently looking for security-oriented reviews, so if you're interested in using this project for your client, please take a look at PROTOCOL.md and tell me if you see any major attack vectors! Of course, an email-based recovery protocol can only be so secure (email providers, senders, clients, and signers are all assumed to be somewhat trustworthy). If you really want to go deep, a review of the signer code would also be helpful. Finally, if you'd like to run a signer please let me know and I'll add your signer to my master list of recommended signers.