Conversation
Notices
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Sep-2023 02:05:02 JST 
Alex Gleason
My plan for Soapbox + Nostr onboarding UX is to have it generate a 12-word seed on the client. You see it once and are told to write it down, then it disappears forever. It gets stored securely in the browser and can then be used to sign events. To recover your session, you need the 12-word seed.
This is the basic normie flow for mass adoption. There are other options, including NIP-07 signing with a browser extension like Alby, and NIP-46 support where you can sign events remotely using a dedicated signer app. You can also import by seed or nsec.
Technical info: I'm making the ServiceWorker a signer. You can send it messages like generateSeed, signEvent, decrypt, etc. When you generate the seed, the ServiceWorker generates it within the worker context and stores it in the Web Cache API. Which is an absolutely insane thing to do, but it will work. It sends the seed back to the client exactly _once_ when you generate it, and you can never retrieve it again because the worker will block fetches to it. But the worker itself can access it and sign your events. This is Vegan Mad Science.-
Embed this notice
feld (feld@bikeshed.party)'s status on Saturday, 09-Sep-2023 02:08:08 JST 
feld
hey how often do you use Soapbox on mobile and have you noticed all the weird z-index issues it has?
Sometimes you can't edit posts because the edit box is rendered beneath
Changing post scope? well the buttons on the screen don't match what you touch. Trying to change from followers-only to public is often torture because i keep touching the Public option but it keep selecting Direct Message somehow, etc -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Sep-2023 02:08:43 JST
Alex Gleason
I think BIP39 is a good UX that helps dumb down the whole thing, and by essentially making Soapbox an HD wallet it can open doors to other functionality and maybe help it support hardware signers in the future. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Sep-2023 02:10:10 JST
Alex Gleason
@feld Is this Safari? Some people mentioned z-index issues but I haven't seem them. I'm aware feeds are buggy. Once I wrap up Ditto stuff I'll be putting a lot of effort into Soapbox again. -
Embed this notice
feld (feld@bikeshed.party)'s status on Saturday, 09-Sep-2023 02:10:39 JST
feld
yeah. Safari Alex Gleason likes this. -
Embed this notice
Curtis Rock, SkD (curtis@social.teci.world)'s status on Saturday, 09-Sep-2023 02:33:58 JST 
Curtis Rock, SkD
@alex -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 09-Sep-2023 02:34:19 JST
Alex Gleason
@curtis Holy shit 🧑🔬 -
Embed this notice
Salastil (salastil@pleroma.salastil.com)'s status on Sunday, 10-Sep-2023 03:38:07 JST 
Salastil
This isn't normie-proofed enough. You need to mandate a .txt being downloaded with the 12 word seed and some sort of hash that has to be entered into the UI prompt providing the 12 word seed on Soapbox to confirm it was downloaded. I was going to recommend E-mail but then I remembered that Nostr clients are meant to be run like programs on your desktop, not hosted webservices. Every single Mr Magoo retard is going to be fucking this up and bothering you to recover their account because they were too stupid or lazy to write it down. Make it a file that they get on their computer. Alex Gleason likes this. -
Embed this notice
Curtis Rock (crockwave@gleasonator.com)'s status on Thursday, 08-Feb-2024 09:12:25 JST 
Curtis Rock
@alex https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
https://iancoleman.io/bip39/Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Thursday, 08-Feb-2024 09:15:16 JST
Alex Gleason
@crockwave Maybe I should go back to this idea.
I got concerned that someone could still steal it out of the browser with xss
-
Embed this notice
All GNU social JP content and data are available under the