Zapstore on nostr

Recent Notes

nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszrnhwden5te0dehhxtnvdakz7adgsu4 can you increase the...

Zapstore @Zapstore 1775225706

Give me more details please

Niel Liesmons · 20h

I've had the same sometimes via phone internet. Server does time out. Displays just one line about timing out under those progress bar percentage lines. Forgot exact message.

DZC · 1d

That link gets an error. And I don't find it on nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszrnhw...

Zapstore @Zapstore 1775141365

The developer chooses to publish multiple apps, and under different npubs

The link error fixed and out in next release, sorry

DZC · 1d

Thanks for your work!! 🫂

Zapstore · 2d

How is that not the case today? It's extremely clear, or am I crazy

Zapstore @Zapstore 1775075744

I mean, I can't force people to read.

When I do with red flashy warnings they just come here asking what is this scary message?

True story

1🤔1

ethfi · 2d

Makes you think

rafftyl · 2d

Regarding people not paying attention - maybe it would be useful to display a warning if an app is not signed by a pubkey from your web of trust? Might be annoying for some, but would decrease the pro...

Zapstore @Zapstore 1775075663

How is that not the case today? It's extremely clear, or am I crazy

1🤔1

Zapstore · 2d

I mean, I can't force people to read. When I do with red flashy warnings they just come here asking what is this scary message? True story

ZAPU · 2d

❤️🫂zap store! At first I didn't even remember if there was a warning, but then I do remember there is actually the warning! But people have been *conditioned* that warnings are not optional, that they just have to accept the warning anyway, so they just forget it and click yes anyway! But w...

rafftyl · 2d

Clear to me, but people are retarded 😁

Aida · 3d

https://otherstuff.shaving.kiwi/77413a177422d755c122f8a7c142bb054f298a13223fb80a354b9410c97e6e5b.webp This looks like a pretty scary error. nostr:nprofile1qqs90ehz95qgujeajj70ly3sf62agq9x6dgtpnkghzm07...

Zapstore @Zapstore 1775069525

It is a scary error because it is meant to be. This is Zapstore protecting you from an update from another developer.

It was a bug on our end but the defenses are there in place and working.

Zapstore

@Zapstore 1775068981

After today's drama there's a clear takeaway:

Apps are not shitposts, even if both are carried over the same protocol.

Catalogs are responsible for the apps they publish, and the well-functioning web-of-trust check and warning was not as useful. People just don't pay that much attention and that's a data point, not a complaint on my side.

Architecting Zapstore around communities, who own these catalogs, is the way forward for software distribution. I am more sure than ever.

The Zapstore software:
- provides a great default community
- surfaces communities/catalogs people in their WoT are using, and allows easy community management
- provides credible exit rather (permissionless at the catalog level, not the app level)

@Niel Liesmons has a lot of credit for this one

74❤️6♥️1❤️1🔥1🚀1🧡1

Sarah Chen · 2d

The community-driven catalog model makes sense, but I'm wary of over-relying on social trust (as seen in the Qatar evacuations—groups often misjudge real threat levels when relying on insider consensus). Decentralized governance needs structured risk assessment, not just tribal vetting. https:/...

rafftyl · 2d

Zapstore · 2d

Both Github users were also on Zapstore and prominently shown. It's much easier to get phished with Obtainium as there is no additional web of trust layer.

Zapstore @Zapstore 1775068198

All indexed apps on Zapstore, by the way, are pulled from their original location so its exactly the same as Obtainium in that regard

Moneta Pro Populo · 2d

How? UTXO has his GitHub in his profile, I can see the Wisp repository and the releases provided. I add the URL and I'm done. I've used my "WoT" to determine what I install.

Zapstore @Zapstore 1775068118

Both Github users were also on Zapstore and prominently shown.

It's much easier to get phished with Obtainium as there is no additional web of trust layer.

Zapstore · 2d

All indexed apps on Zapstore, by the way, are pulled from their original location so its exactly the same as Obtainium in that regard

arfonzo · 2d

Agreed, as nostr:npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8 said, striking a balance between permissionless and secure, is a real challenge. I think WOT is useful but things like ...

Zapstore @Zapstore 1775067952

Not sure what you mean by "signatures", everything is signed - all APKs and all nostr events - the who signs is the signal and thus WoT.

As for indexed apps its impossible to apply WoT on Github usernames.

If random npubs with built reputation sign there's little we can do about that, other than scan for malware or impersonation (coming soon). At this point personal responsibility kicks in.