An user just informed me that he burned his nesc: he opened Iris.to to test it, pressed "Sign Up" and filled in the only input in the form, which actually asked for the *name*. So his nsec has been scattered and leaked to all the default relays... <add a shit reaction here>.
Of course, the error is quite silly because the top text, "What should we call you?", is clear. But it is understable if you are overthinking and are used to seeing the nsec login as the first input. In fact I already saw in the past days a couple of profiles with an nsec*** name, and now I probably know why.
This led me to reflect on a simple UI best practice that can mitigate this sort of problem: filtering.
- If you are developing an app, check and filter the inputs, preferably client-side: if the user pastes a nsec in a non logical place (name, bio, pubkey field, etc.) reject it. When composing a note, it could make sense to ask for confirmation, highlighting the risks. The same confirmation procedure should work well for hex keys.
- If you are developing a frontend toolkit, you can probably help to automate the previous point by offering different input/textarea types with built-in validation.
Side thought: it is easy to confuse "Sign Up" and "Sign In". "Login" and "Create account" seem like a more distinctive and effective labeling. The mentioned user began to fail in this first step, thinking he was logging in, when he was instead going through a registration process.
Let's make Nostr easier and safer.
/cc @npub1g53…drvk @npub1v0l…qj49
#nostrdesign
2023-12-07 09:36:29
- reply
It's the WoT score, already present in Coracle.
It's not %, it is "equal to how many people you follow that also follow a given person, minus pow(2, log(n)), where n is how many people you follow who have muted this person. This allows you to see at a glance if someone is accepted in your network. This helps reduce spam, impostors, and objectionable content. You can set a minimum web of trust score on your content settings page, which will automatically mute anyone with a lower score than your threshold." (current tooltip)
The half circle is more prominent (orange) to show that the user is followed, dimmed for not followed users.
I would like to use the coracle sign, (half)circle, more frequently in the interface.
2023-12-06 21:45:48
- reply
The idea is to take advantage of the whole viewport, keeping a column not too wide (~70 characters) for the content to have good readability. I had thought of an option to collapse the first sidebar and show it only with icons (which I would like to use elsewhere, too). Thanks for resurrecting this idea!
Then, like you can see in the Figma, there is also a "zen mode", where you see only the main content and the menu is dimmed.
2023-12-06 16:23:16
- reply
Other note: Njump is great (IMHO) for sharing comprehensive and meaningful content that a user can appreciate, not an isolated response that requires discovering the context.
If the content is valid, attention will focus first there, and all the gibberish will be an additional possibility of learning, later.
Instead, if you want to point a Nostr newcomers to a whole discussion as valuable content, it is probably not the right tool for someone because it doesn't show the parent and replies.
We do this purposefully because the main goal is not to create another full-featured client and capture the user, but to encourage the user to discover other Nostr clients and interact with them. And yes, discovering requires being a little adventurous and sometimes facing the unknown :)
However, Njump remembers the most used client and moves it to the top, so after the same user tried a couple of clients and settled on one, the next time he will have a more direct CTA, without losing the possibility to explore the always updated clients list.
2023-12-06 15:48:19
- reply
Njump target is *not* specifically people who do not know about Nostr. The main goal is to create a link between the web and Nostr, with several outcomes (e.g. be client neutral, permit a fast sharing without JS and relay glitches, improve indexing of content on current search engines, etc.).
Of course, this means it will be used potentially by people that don't know anything about Nostr, and I agree that some elements can be initially confusing. Here are my thoughts about the "gibberish":
nevent1qqsqqqqq2y9zslqg9rzs0q52u3mrfetwf52tnnpur0zrrg99h4vp7uspzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcpzpmhxue69uhk2tnwdaejumr0dshszrnhwden5te0dehhxtnvdakz7e5huzf
Finally, we are cooking up an update that will precisely address the newcomers, specifically the "what is nostr".
Thanks for sharing!
2023-11-25 16:47:03
- reply
Hubris? You are talking like someone that just pretend and complain, what value did you put to make things better?
Judge and criticize a group of appassionate builders, only because *you* are not obtaining what you want shorterm, is sad.
Maybe @npub17nd…950x can share some direct experience about the matter, I'm done here.
PS: For a content creators, like any other professional, a website is the first obvious think to setup to have a sovereign space. So glad your are thinking about that, now.
2023-11-25 14:06:44
- reply
I understand your concern, currently Nostr is a bit of an echo-chamber, and I think this is absolutely normal for a newborn technology and its related group. But you have to look at the potential. The real point is that it is not a platform, but first and foremost a protocol, so you can build whatever you want. The more applications that are created, the more people will flock, and these people will join other nostr-powered services creating a more wide and heterogeneous public, where you could find *your* public.
All this require works, from all parties, even the creators. If you think you can find a better and healthy ecosystem than Twitter or Instagram, for free, you are right to be delusional.
2023-11-23 15:19:12
- reply
This is not "what they say about my notes", it is "let them manipulate what I published". It is a completetly different matter. I should be free to nuke a remote image and don't have anyone replacing it, and possibly changing the note meaning, without my consent.
In this case if you want to add something, even fix a broken image, shot a reply.
2023-11-23 12:01:24
- reply
Something like this:
"kind": 1,
"content": "I just painted this: https://wallpapercave.com/wp/wp5960277.jpg",
tags": [
["4001-by-others", "permit"],
...
I mean optional to enable the replacement for my notes, not to see the replaced ones by others. If a client support this NIP the replacement should be always active, maybe showing that an image has been replaced with a mark.
