web and pwa first
View quoted note →
Login to reply
Replies (109)
let the mobile clients chase
No, look at jumble.social nostr client. It's PWA and works amazing.
cc @Cody
They can do background notifications but you have to get the user to add the app to the home screen. Basically PWAs on iOS come in two flavours, home screen installed and not, and it's hard to discuss much without specifying which case.
Adding is not easy to get users to do, really need to make it a core part of the UX.
depends on the structure you have built because just balls-out "come and get me" will get you fried; you cannot just fling yourself off a cliff - in any context.
It always starts off great. Then you realize that:
- landscape layout sucks
- app manifest caching is broken
- ... only on certain platforms
- people are stuck on an old version
- or they just want to use the app right now instead of updating
- or their connection was unstable on update and now they have half old and have new assets
- some basic API isn't available
- or is available but has different options than the normal API
- or different bugs
- and things behave differently when installed as a PWA vs a web page
- etc
This isn't a criticism of jumble.social as I haven't used it. I've long advocated for PWAs and web first, but... it's way harder than it needs to be
nah. i think people just stop building for ios and let the dev mindshare dry up for ios and let the market incentivize apple to stop treating their customers like idiots
So test jumble.social. I'm sure you will love it.
#induecourse
text me - 😏.
And if you find any problem, I'm sure Jumble developer @Cody is listening and will fix it.
Nostr browser LFG LOL 😂😂😂🤘
I have only 2 PWAs:
Stacker News
stacker news
moderating forums with money
CloudpilotEmu
Load html straight from the relay
Definitely not criticizing any PWA. Maintaining them is hard work 🙏
It's harder cause the "market" pushed towards native apps for over a decade. Faster, more reliable, more control, more compliant, stores with policies.. It made sense.
But I can see a momentum for web and pwa. Not just interest from people like us. Also finally Mozilla is jumping back on working on it.
If we work on this all those problems are going to go away.
Just one example: cashu.me is definitely one of the best app i use and it's a PWA.
Web pages are also hard by themselves. We mostly solve this by pre-caching and centralization. It ain't pretty
Hey, the first advocate of PWA was Steve Jobs. He didn't want there to be any App Store – just the web
forget primal (its already good) make nostr.com a web client where regular people can create an account and try nostr
normies will never use bunkers
I'm into that too
I'm taking a different approach with device keys
at least for super private stuff. otherwise I think the nostr-browser approach is the most user friendly and dev-friendly way to build nostr apps.
Just different keys on different devices? Nothing wrong with that, but why not tie them together? It's very little overhead for lots of value
i am going to tie them together with device key lists
Sim, são importante, principalmente para coisas em sistemas como a Apple, ou em fase beta, mas nada disso exclui a importância e flexibilidade de um apk. Se você precisa usar PWA, está no sistema operacional errado.
Remote signing is also good.
its really not. I have never been able to get it working reliably.
Native desktop and Android first. End the web.
I've been able to get it working with amber and relay.nsec.app to a very usable degree, even though I have like 700ms ping.
So much so that it's becoming a priority to add it to formstr
The proposal is very similar to mine, but:
- requires you to validate the lineage before giving the event an identity
- allows an event to retroactively change identity
- both of these makes life hell for relays and mute/follow lists
If you haven't taken a look, I think you'll find my NIP-102 proposal to be simpler and easier to implement
Wait… PWA is inherently non-secure… why use that?
The biggest problem with PWA imo is that there’s not a great way to store private key. Specifically on iOS you don’t have access to keychain as you would on a native app. I also I am not sure you can use a Safari extension as you normally would from just using Safari.
This is how i see it, as long as we rely on gatekeeping app stores for distributing native apps
agree
it's all tradeoffs
Web apps and PWAs can’t reliably support Signal or MLS protocol because those protocols depend on secure, persistent local storage and uninterrupted processing to keep cryptographic state (double-ratchets, MLS group keys and membership) up to date, whereas browsers only offer volatile storage and can’t guarantee continuous execution—so keys and session data risk being lost.
Yeah for sure. I think one way would be to use webauthn credentials to encrypt the private key, the it could be store in IndexedDB encrypted. Then any time the user needs to sign an event you could request navigator.credentials.get() which would pull up face/Touch ID to decrypt key and sign. Not perfect but it could be a potential solution.
Great client.
yes. tradeoffs between that and the gatekeepers. currently.
my only app attempt & that was my huge mistake: not doing web, starting w/ ios
@Soapbox is out there being one of the best PWAs.
Underrated imo.
Even when added to Home Screen, you can’t have a notification pushed to the user if the app isn’t open on iOS
Notifications can only be pushed if the app is being actively viewed
I’ve tried
If you have a way to do it, let me know because I’m definitely interested
your device is a key.... 😶
i have never lost a single thing in 30+ years of wild footprint.
100% agree must escape apple and android.
Then we need grapheneOS rooted hardware as the next step, can use Pixel mobile and tablet for immediate time being.
I will go meet OEM when in Taiwan in a couple of weeks.
SPEED UP.
View quoted note →
Absolutely, I always start with PWA. Its non-negotiable.
Unfortunately, from my observation, most people don't know about Bunker, and it's not suitable for them to use Bunker either 😂. I'd still recommend using browser extensions. For mobile devices, you can rely on apps like KeyChat.
It's really difficult to adapt for mobile devices. But it's worth a try, because I don't want to be controlled by the App Store.
You mean if a user adds a PWA to the home screen, and then closes that app altogether?
Or if a user adds it to the home screen, opens it, and then opens another app or swipes away? (Jump over to Clash of Clans for example)
For A it won't work. For B it should though.
I want to use Bunker but I don't know how
Cons: some native features missing
Pros: you never need to explain Apple what ecash is
I guess this depends on how secure you want to be… do you mean having access to a secure element or something similar?
maybe he was, most likely others shared this view: it does not change what happened.
I respectfully disagree.
We should just give them a better/compact form for an improved UX; maybe a login via NIP-05 plus a password to retrieve and decrypt the actual bunker URL is enough.
pick your poison
normies will never use nostr either I think that's what you want to say
🎯
Hi,I've got some exciting news for you,I can teach you how to turn your $300 into $9500 in just 4hours investing Bitcoin mining without interrupting your daily activities.
DM ME HOW FOR MORE INFO: 📞
WHATSAPP: +1 (818) 463‑4473
Email:
christineduff300@gmail.com
Telegram Username: christine4219
This. I've really come to love the idea of PWAs. As bloated as the modern web is, it can do just about anything with the right APIs and permissions, and PWAs can work totally offline. Browsers are also usually built from the ground up with security and fine tunable permissions in mind.
A lot of mobile apps wind up rendered by the webview anyways, and a bunch of desktops bundle an entire browser like electon in just to be written as a site and then run as an app. Skipping the middle man saves a bunch of space on your device, keeps things a little more secure and private (if done right), and makes the app instantly OS agnostic as long as you've got a desktop and mobile layout.
/end random monologue
a lot of my usecases for notedeck are offline usecases (using 100s of nostr applications together offline, then resync when you’re back online). bunker is immediately out the window.
Cool. But this doesn't sound like a typical normies' scenario :)
using computers without internet? Most of the apps on my computer and phone are designed to work without an internet connection. You’re dooming all future nostr apps to be online always.
The web literally can’t. They are gimped database wise. This is why i ultimately concluded we need a better runtime environment for nostr apps.
I more meant if their phone screen is locked/asleep it won’t wake
I’ll have to try option B again, maybe that’s good enough
More secure than localstorage in js, but still on the user’s device so I don’t have to store it in a database that I own
Gleason is solid with PWA notifications (they have a central relay). Try adding either 
or else 
and to the home screen and when done sign in. At some stage you should get a prompt to allow notifications as attached. Once you approve then the PWA will show as notification enabled in your notification settings, double check. Then wait for some nostr notifications (replies, reactions) and see if you're getting them even when the app isn't active.
Ditto
Ditto
Nostr community server
Gleasonator
Gleasonator
Building the next generation of social media. Speak Freely.
It has gotten a lot easier building pwa for the web. Some webframework like tanstack router makes provides a good starting point
I agree that an offline-first approach is superior, and often needed, also to cover areas with poor or instable connectivity.
But is the signature really needed when the user is offline? Or should he be able to manipulate the content, and the signature can take place as soon the connection is restored, before the event is sent?
An interesting idea, but it seems like complexity for complexity's sake
Oh nice! Thanks for showing me this! I’ll try it out
I guess the main issue with local storage is the same with any other browser storage - a successful XSS attack could read the data. So probably encrypting with a passphrase would be the way to go? Or relying on a remote signer
Yeah, maybe I’ll try encrypting with passcode
I shall report back 🫡
When you really need it, you'll know how to use it. Until then, I wouldn’t recommend using it, as you’ll run into a lot of issues.
@semisol
if I make a PWA client, how can I securely store a private key so that it's not susceptible to simple XSS attacks?
localStorage is not secure enough for something so sensitive
@Terry Yiu how's iOS signer coming along?
Will this signer help PWA clients not rely on storing keys?
What are the biggest issues you see?
Have 2 domains. app.example and sign.app.example
On sign.app.example, it acts as an in browser signer for app.example in a hidden iframe (you do not need users to visit it directly) while always validating the parent is app.example.
If app.example is broken they can’t break the sign subdomain
I was pleasantly surprised to see that they do. I use PWA for stacker.news with Safari on iOS. Took a couple tries to get the push notifications option to enable, but it finally did and works great. Now, it functions almost native-like.
Oh, and forgot to mention, these are background notifications. I don't have the app open. The notifications even come through to Watch.
Curious why you'd want the PWA to store private keys in the first place?
Micro PWAs. Modular. Composable. Interoperable.
I think the biggest issue is the lack of stability, but it’s most likely a client-side problem.
Which bunkers are you mostly using/tried?
I find this to be true in a lot of areas of my Bitcoin journey
I sometimes use nsec.app for testing, but it often fails to connect. I’ll take some time to investigate and figure out what’s causing the issue.
Also please try our new "secure enclave" thing - in settings, should work much more reliably.
I've same issue, but I think the problem is we're in Asia, the nsec.app relay and nostr.band relay are really slow and unstable in our location.
nsec.app is running over relay.nsec.app which is a normal strfry. It's actually quote slow for ephemeral events processing - it has internal latency of at least 300ms for delivery of new events to active SUBs, plan to switching to something more specialized. Aside from that, again, try the secure enclave thing in settings.
Got it. I’ll give it a try 🫡
My work on it is a bit stalled. But in theory, yes, I think we could rely on deeplinks to switch between PWA clients and a signer app when it needs to sign data. The experience with app switching will be suboptimal for frequent actions like reacting to events.
I have one.
Even when your phone is locked?
What iOS version?
Yup sure does! Running latest iOS 18.
That’s good to know it’s possible!
Thanks for confirming
Now I just need to figure out how to do it
@k00b the stacker news site is awesome! Any insight to how y’all made the background push notifications work for iOS when Safari PWA is created that might help steer another pleb into the right direction?
I got some bug, I cannot upload my key and the ping is too high
Good luck! You'll also notice that notifications will still show even if the PWA is closed entirely—at least for a while until the service worker eventually goes out, days or weeks.
But zooming out recent app store changes might make the native app route a little more enticing, for US anyway.
Our source is open. Link in the footer of the site.
iOS PWA notifications are tricky, they are very strict about what you can do, but they use the same open standard other PWAs use.
1500 ping is probably due to you being in Asia, typical ping is 600 (300 of which are strfry).
Key not found sounds like service worker was off when you clicked Upload. Could you please reload the page and try again? Need to figure out how to wake the SW up if it starts sleeping with an open tab.
We're testing a secure enclave on Alibaba Cloud in Singapore, ping is 50-100ms. Testing AWS in Sing next. (Alibaba's enclave is basically a copy-paste of AWS, but their networking for SEA is very good.)
This TEE stuff is great, you found the holy grail I think. Are you running a two core graviton instance over there? Looks like the cheapest one is c6g.large. Or are you on 4 core intel?
I'm on intel, need to check arm too one day.
Is 50-100 ping from inside the enclave? Does enclave have network access by default or do you have to set it up somehow?
As low as 35ms for a light request from a test machine to the primary VM in Singapore (1700km one way), through vsock to enclave, light test process in enclave returns result, result sent back out the vsock and then from the primary VM back to the test machine.
most people dont know about nostr either you retard
and youre making a nostr client
Try jumble.social, is a PWA and it's an amazing nostr client.
Serial killer