PCR114 - Signed, Sealed, Safeboxed with Tim Bouma - Plebchain Radio

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to Pleb Chain Radio, a live show brought to you by Plebs for Plebs, which focuses

(00:08):
on the intersection of NOSTER and Bitcoin protocols.
Join QW and Avi as they run down the weekly news and developments, breaking down the current
thing and the future frontier with the foundation of decentralization, the builders, thinkers,
doers and plebs.
All right, we are live.
Welcome, gentle plebs, to the lightning-laced airwaves.

(00:32):
This is episode 114 of Pleb Chain Radio, and today is Thursday, the 29th of May,
and it is 6.01pm on the east coast of the United States.
At the time of recording, we have a fun show ahead of you.
Tim Boma, the Swiss Army Knife of Noster Development,

(00:54):
joins us to talk about all the exciting projects he's involved in,
and if he disagrees with my Swiss Army knife description of him.
And just a reminder, folks, if you are listening to the show on Apple or Spotify,
first of all, thank you for listening, but I would urge you to hit pause
and switch over to the Fountain Podcasting app,

(01:16):
where you can earn some stats and support the value-for-value revolution as you listen.
This show is streamed live on Zap.Stream and any other Noster client that supports streaming such as Amethyst and Noster.
And folks, I've said this before, but there is no second best Bitcoin conference because BTC Prague is indeed the best.

(01:43):
And it is taking place between June 19th and June 21st of this year.
That is just three weeks away from today.
And you can save some sats by using discount code NOSTR, N-O-S-T-R, on tickets.
15% off if you're paying in sats and 10% off if you are paying in dirty old fiat.

(02:09):
And folks, one other bit of gratitude from me here.
As I mentioned on last week's show,
Finding Home, a travel show with Bitcoin in the background,
my humble attempt at paying homage to Anthony Bourdain.

(02:29):
The pilot episode premiered at the Warsaw Film Fest on Sunday.
That was just four days ago.
and I've heard from folks who watched it who were in Warsaw.
So thank you, everyone.
It means a lot to me.
Your feedback means a lot to me.
Please do keep it coming
and I'm looking forward to making a successful full season

(02:53):
thanks to your support.
And for our meme readout today,
it's Kermit the Frog sipping tea,
looking rather pleased with himself.
And the caption reads, Zapathon used to do more Bitcoin transactions in 30 minutes than the Las Vegas conference is trying to do in an entire day.

(03:18):
But that's none of my business.
and interestingly enough folks our top zapper last week was julie costello bringing it full circle
around the entire costello family now featuring in our top zapper rose so julie costello aka

(03:43):
a music mama
the only manager
who can lasso a tour bus
homeschool calculus
and still have time
to remind the drummers
to sit up straight
you raised Ainsley to hit
high notes that make crystal
glasses nervous and we

(04:03):
suspect it's because whenever she
glanced at the clock instead of the
fretboard you unleashed
that legendary music
mom glare potent enough to tune every guitar in the room thanks for showing the rest of us how to
run a family a fan club and a small logistical army before breakfast take a bow julie but not

(04:29):
too low someone's got to keep the rhythm section in line but honestly julie and to the entire
Costello family, we genuinely appreciate your support and generosity. And for our sermon today,
it is, social media was just the hors d'oeuvre. My dear gentle plebs, pull up a chair and loosen

(04:56):
your belts, because tonight we're feasting on more than timeline tapas. Hear the gospel of
Keys and relays.
Critics love to say,
talking about NOSTA beyond social media
is like saying blockchain, not Bitcoin.
Spicy take, utterly wrong recipe.

(05:21):
Strip Bitcoin's scarce money from the blocks too,
and the whole pot curdles.
Yank the memes from NOSTA,
and nothing collapses.
The network keeps humming
Because the primitive isn't the post at all
It's the signed event that rockets from pubkey A to relay B at the speed of gossip

(05:45):
Every event rides on four unbreakable truths
First, key pair identity
Your pubkey is your passport
No blue check rent due
Second, arbitrary JSON
Flip the kind number, flip the use case
Tweets to invoices to get commits within the same syntax breadth

(06:10):
Third, zero global consensus
Relay store, forward, forget
No miners, no fork drama
No committee saying, thou shalt
Fourth, upgrades are nips, not knife-fight hardforks

(06:32):
Progress happens by handshake, not holy war
Need proof this isn't theory?
Nip 47 turns any client into a lightning remote
Tap a button and sats move you never even saw
NIP57 zaps creators with micro donations that feel like emojis on steroids

(06:55):
Routester allows you to pick an LLM provider of your choice and hallucinate away
I mean chat away by using an e-cash token as an API key
No KYC, just your ego stopping you from becoming one with AI
And then there's Safebox

(07:16):
which we'll talk about in just a little bit,
which allows seamless issuance of verifiable credentials
and much, much more,
with no corporate or regulatory gatekeeper in sight.
These aren't white paper fantasies.
They're Tuesday afternoon for anyone brave enough
to change one field in a JSON blob.

(07:39):
So here's the entree.
Bitcoin is hard money.
Noster is the permissionless socket.
Together, they form the UTXO-powered walkie-talkie of the free world
Every app that speaks events and settles in sats
widens the orange pill blast radius

(07:59):
So, next time someone sneers
Stick to timelines, bro
Everything else is hype
Hand them this appetizer plate
and gently ask
Ever paid an invoice through a tweet?
Pushed code through a DM?
Rented GPU time with a zap?

(08:22):
Because on Nostra, that's not the future.
That's dessert.
Social media was just the hors d'oeuvre.
The main course is censorship-proof everything.
Served hot, paid in sats, and seasoned with sovereignty.
And with that, it is time to welcome our guest to the show,

(08:44):
Tim Boma, welcome to Plep Chain Radio.
Hello. Can you hear me okay?
Loud and clear, Tim.
So we typically start our guest segments with a burning question, a hypothetical.
So, Tim, you are walking in the burning desert of Rajasthan
and suddenly collapse into the sand with dehydration.

(09:09):
as if by magic
a local doctor arrives on a camel
with his medical kit
but needs to make sure
you don't have any pre-existing conditions
before administering treatment
what happens next?

(09:29):
my goodness
that's quite the scenario
I think you're leading me
to talk about what I've been working on. So, uh, um, your listeners might know that I was,
my wife and I, we were in Rajasthan for three weeks, uh, about a month and a half ago or so.

(09:50):
And, um, one of the, one of the scenarios that I've was looking at was just imagine
you were in a case like that, you lost everything or you, you know, or you,
and you wanted to provide some information.
And one of the things I worked on in my prototype, my project,

(10:12):
was this super simple QR code that you could have printed on a card, on a piece of paper.
You could even have it etched into a bracelet where anybody could scan it with their phone,
and it would actually make a connection via web to your NOSTA relay
and pull up your medical information

(10:33):
and present it to whoever scanned that QR code.
And yeah, yeah.
So I kind of forgot the question there, Avi.
I don't know if I'm answering it.
I'm just kind of talking about my lived experience
and being in a situation like that.

(10:54):
Well, let's play along with the question, Tim.
You haven't fully answered it,
but I think you're almost there.
The doctor arrives, the local doctor arrives on camelback.
That actually doesn't happen in Rajasthan.
I'm just, this is just theatrical flourish here, but, and needs to administer medical
treatment because you've collapsed in the heat due to dehydration.

(11:18):
But he does, he needs to check if you have any pre-existing conditions.
How does he check that?
Yeah, that's one of the scenarios that I'm working through and implementing with my project.
The simplest way presuming you in the middle of the desert with a really strong 5G signal you got data In Rajasthan there data everywhere There hardly a spot where you couldn get mobile data

(11:49):
So in that scenario, again, coming back to what I've been implementing,
I would love to just like hand a card that might actually have the information printed on it.
A lot of people do have that.
But then there's a QR code that they could scan.
it could pull up all that data which you had prepared in advance or that's just part of your

(12:12):
safe box if you will so you know it's a bit far in the future but one of the things that
I've been thinking about is you know socializing the idea of a blue QR code kind of like a blue
cross that if someone sees a blue QR code they know that they can scan that to get your health

(12:35):
health information and um would maybe take a bit to get people socialized to that but
i see that as being a pretty compelling compelling solution it's like oh we've got a person in distress
um let's find their blue qr code let's scan it we've got all the data that we need
um i know there's services out there that do that you have the medic medic alert bracelet i know

(13:01):
there's some emergency apps you can put on your phone. Like I'm an avid cyclist. And I remember
there was an app that would do something like that in case you got hit on the road. So yeah,
yeah, I think something as simple as that, like that, that doctor or first responder,
if they knew that they could find this blue QR code, scan it and get all your data

(13:22):
that they need for the emergency at hand, that'd be a huge win. Technically, it's not hard at all.
like i think we now have the uh technology uh to do it in a way that you actually have control
over the information um you know it's kind of like uh well i wouldn't do this just like a
microchip your pet and um they read the microchip and then it goes to some registry somewhere and it

(13:48):
pulls up the data the contact information who's the owner of the pet um similar things for um
any type of information.
So, yeah, I think that would do the job.
Excellent.
And we'll get into SafeBox and that solution space in just a bit.
Sure.
But before that, Tim, you're obviously quite active on NOSTA,

(14:13):
if not so much on the social media side,
although you do post more at the back end,
quietly, in the shadows, building incredible things.
But how did you get there?
How did you find Nostra?
Were you a Bitcoiner before you found Nostra?
Yeah, what is that story there, Tim?

(14:33):
Maybe help people get to know the Tim Boma.
Yeah, so I guess I first encountered Bitcoin around 2014, 2015.
And I'm an engineer by training.
The early part of my career, I was a software engineer.
And then I got into product marketing and management consulting

(14:53):
and all that business kind of stuff.
But engineer at heart, a mechanical engineer, not a computer scientist.
And I just remember 2015, picking up, learning about it,
and then picking up Anton Antonopoulos' book, Mastering Bitcoin,
and basically read that from cover to cover and was totally enthralled

(15:16):
with the concepts in there.
and then then I learned a little bit about Ethereum.
Ethereum was kind of a thing back then as well
and then it really started a journey for me
to really learn about cryptography right from first principles

(15:39):
and I think from about 2000, yeah 2015
yeah probably up to about I don't know 2020
I wouldn't call it a detour, but I'm a first principles kind of guy.
And I don't believe in magic.

(15:59):
I believe in mystery, but I don't believe in magic.
And I really wanted to understand the math behind what was going on with Bitcoin.
And so that got me into public key cryptography and learning like all the mathematical theory like around, you know, finite groups and RSA algorithms and elliptic curves and learning that.

(16:31):
I found an excellent book, a textbook, Applied Cryptography, by a German prof, Christoph Parr.
And I devoured that whole book.
It took me about the better part of a year to go through that book to really understand all the math.
And then, I think it was about 2018, 2019, when Jimmy Song's book came out.

(17:01):
on uh programming bitcoin so i got that and um started going through that and then that really
got me onto python um and i really focused on hand coding those examples and really understanding
what was going on there just just for the love of it i just got totally obsessed with it just

(17:25):
for the love of it and um you know just things snowballed from there you know then i got um
then anton antonopoulos came out with his book um mastering lightning i think that was out in 2021
2020 and i went through that book and really really dug into lightning and the theory of how

(17:50):
the channels work how the um uh you know notionally like uh you know how the cryptography works for
you know the the bitcoin transactions that anchor the channels to the bitcoin blockchain
and understanding understanding that stuff and then um in i think it was mid 2022

(18:13):
summer 2022 I became aware of an open source project on Xiaomi and tokens
I forget the name of the initial project there was someone that did a proof of concept that said
hey David Chalm did some cool stuff in the 80s you know his company flamed out because of like

(18:35):
management issues and you still needed a centralized clearing system underneath
that kind of was a problem that couldn't go away.
And then someone in the mid-90s, I forget his name,
I think it was David Wagner, came out with an email saying,
hmm, you could take the Shamian scheme.

(18:57):
RSA is pretty hard and complex.
Let's try this new kind of elliptic curve cryptography stuff
and did a proof of concept or hypothetical like in the email.
And then I forget who the person was on GitHub.
I think the handle is Firou, I believe,
did a project where they just approved the concept.

(19:23):
And then that's when I became aware of Callie,
who started the whole nutshell or the nuts or the cashew.
And I was right there from day one,
and I was thoroughly fascinated with it.
Like, once again, I went right down to first principles
on the cryptography, really understood how the blinded signatures work,

(19:44):
how the cryptography worked.
I also learned how it integrated with lightning and understood that.
So I was literally there from day one.
And by that time, I was fairly proficient in Python.
So then, you know, I started to poke around in the code for the mints and that.

(20:05):
And then I created the concept that I worked on was, hmm, now I can create a, like all the custodial lightning systems were account-based, meaning that, yeah, you have lightning, but at the end of the day, things like Walla to Satoshi and Blink and that,

(20:32):
They pretty much just have an accounting system at the end point that keeps track of what your funds were.
And I realized that this was an ultimately different way where I could actually issue the tokens and then store them on the user's behalf.
So that set me down the path of creating my own version of a wallet.
I know Cali had one.

(20:52):
There's about four or five different versions.
But I started to work on my own.
Again, this is late 2022.
And then I guess just being part of the flock, learned about Noster and got interested in that.
And then that was late 2022, I believe.

(21:18):
And I think that's when Jack Dorsey came on the scene that really sort of hyper, hyper charged it.
and then I got totally fascinated with Zaps
and started to play around with that
and figured out how to integrate that into my project as well.
I just remember, I think it was the first Nostra Conference,

(21:43):
Nostrica in Costa Rica,
and I literally remember, I think it was Will or JB55
and Jack and I think NVK was there as well,
literally at the panel discussion talking about ZAPS and that,
and here I am at home and kind of implementing concepts.

(22:04):
I was literally hearing the panel discussion saying,
hey, I can do that, okay.
And then a couple hours later, I was like, hey, I did that.
So, you know, I've really been on the, you know,
I really pay attention to what the new ideas are,
what the new creative discourse is,
and then I say, how the heck can I actually make that work?

(22:26):
Again, I don't care about the blue sky or magic possibilities.
It's like I just want to engineer the stuff
and understand the mechanisms that actually make things work.
And then we can talk about where I've evolved the concept of Safebox,
but I hope that kind of answers your question of my trajectory to where I am.

(22:48):
No, it certainly does.
you were not at Nostrika
you were watching the live stream correct?
Yeah and I have to say
how valuable those live streams are
so if anyone's
having any second thoughts about these conferences
and not doing live streams
they are super important
I learned a lot from those live streams

(23:09):
No certainly
I think a lot of us were watching
Nostrika was what
just three months after the Jack Dorsey
wave began It was in March of 23 and a lot of us were new to Nostra around then and super excited by it So that live stream certainly was great

(23:33):
So Tim, before we talk about Safebox,
you heard the sermon. It was really
about the other stuff on
NOSTA, right, as opposed to
just the social media use case, which obviously
is the low-hanging fruit and
gets
people easily excited.
But
have you heard
the criticism that goes around that

(23:54):
saying NOSTA is
valuable for something
other than social media is the same as
saying blockchain not Bitcoin?
No.
No.
I go back to I think one of the
comments that Jack Dorsey made
probably about three years ago. He said
you have to discover the use

(24:16):
cases. There's use cases that we might not
even know exist yet.
And I really took that comment to heart.
And while Noster initially found its genesis in being a replacement

(24:41):
to the traditional social media, as we know it,
like namely Twitter and the other digital platforms,
I've been studying the protocol very closely.
And I always come back to the genius of the protocol,

(25:02):
Fiat Jeff, who came up with it.
It was like, I don't know, maybe it's not divine conception,
but it's pretty close.
and what he had defined a protocol that works great for social media,
but he actually unintentionally solved some other problems, some interoperability problems.

(25:26):
And I think you touched on it on your introduction.
is what's beautiful about the NOSTER protocol
is that you don't got to worry about the cryptography.
I know it works.
And they've chosen the curves.
They've chosen the signature algorithms.

(25:47):
So I don't need to bother with the cryptography anymore.
I know it just works, and I just find libraries that work.
But the real genius of NOSTER was this notion of kinds.
It enables all these different event kinds.
Of course, there's a few that are reserved for social media, kind one and kind zero for metadata and the other kinds.

(26:10):
But it all of a sudden opened up an entirely green field of a semantic frontier that you could actually build anything on and imbue your own meaning based on your kinds.
and you can build anything you want
without any permission from the protocol gods, if you will.

(26:33):
You just follow like NIP01
and the relays will just like store forward and forget
and you're in business.
And it works great for like social media,
but the big aha moment,
the aha moment that I'm having myself
is that this is a permissionless way of communicating intent

(26:59):
between applications, between people.
It's more than just information.
It's intent because it's actually signed JSON or signed data.
And the other thing that you literally get for free from the protocol
is you get the ability to encrypt to any other person out there

(27:22):
so that no intervening party, whether it be a government or a digital platform,
they can't screw with your data.
They can't even see it.
And I realized that this is a massively powerful model
to actually build an entirely new infrastructure on.
and that's what's exciting me like um i just view like with what i'm building with safebox and what

(27:49):
i've done with the payments stuff that's just a starting point and uh social media like with
nostr and what we're doing on nasa social media that's just a starting point i i'm just seeing
an entirely new architecture that can be built uh building like a globally interoperable architecture
that nobody can stop.

(28:10):
And every day as I'm building stuff,
I'm thinking about this and going,
wow, I just feel like I'm a pioneer
on an edge of civilization doing something new.
I don't have to go back to any committee
or anything like that to do what I do.
I just build my log cabin in a new territory.

(28:35):
Yeah, sure, the log cab might be shitty, but hey, that's the thing.
When you're pioneering new stuff, you're experimenting with new things,
and then you figure out how to work with the materials at hand,
and you build better and better and better.
And I'm just, I can't stop thinking about,
I can't stop thinking about the potentials here.
Like, honestly, it just feels like 1993 again,

(29:01):
just before the web really took off.
and that's how I feel.
It's like dialing back the clock 30 years
and an entirely new opportunity is arising.
A few of us understand it.
This community understands it.
But given another few years,

(29:22):
who knows,
I think it's just going to be a tidal wave
and digital infrastructure is going to be rebuilt
based on what we've learned here.
You know, one of the criticisms you hear from Bitcoiners,
believe it or not, right, who've tried out NOSTA

(29:42):
or they've heard about NOSTA, couldn't be bothered to try it,
whatever it is, but there is a subset of Bitcoiners
who fall into this camp who, I mean,
the criticism really falls into two main parts,
two main related parts, actually.
So one is around relay centralization,
And the other is monetary incentives for relays.

(30:06):
And I find it funny when they make these arguments because, and I've joked about this, right?
It's like NOSTA is the perfect example of something not working in theory but working in practice.
But just coming back to those two criticisms, relay centralization, the dangers of that,

(30:26):
and relatedly, the monetary incentives to run relays at scale, right?
when we talk about millions of events.
Yeah, sure.
It's still early days.
I know that's corny to say that.
But one of the core properties of Nostr,
or more specifically Nostr event,
is that every event has its own identity.

(30:46):
Namely, it's generated from,
it's basically a SHA-256 hash, the event ID.
It's generated from a set of properties
and then the content.
And so that every event is unique
and then it gets signed.
that's massive because then that event is free of any database.

(31:09):
It can live anywhere.
It can be on centralized relay X,
but it can be on decentralized relay Y.
I remember I had done some stuff on Twitter
more than 10, 12 years ago
where I developed a system that would do automated tweeting and that.

(31:29):
and I just remember
you know looking at I think what they call the status ID
like every tweet had a unique number
it was literally just a
what's it called a monotonically increasing number
it increases
but that had to be managed by

(31:49):
the Twitter service like it was unique
but they enforced uniqueness and you had to be part of the service
well you get uniqueness
with any event that you generate just by default,
and it's not managed by a centralized authority.
So relay centralization, what does that actually mean?

(32:14):
I can see where you can have relay,
I'm just trying to think of the right word here,
is affinity or agglomeration.
I can't even think of the right word.
where there's going to be relays that are designed to handle lots of data, lots of throughput.

(32:37):
And just they happen to become the relay of choice by everyone.
You're seeing that with Primal and with Damus and there's a few others there.
That's fine.
But the thing is that architecturally speaking, I'm pretty happy to rely on those relays for doing posts and kind ones and stuff like that.

(33:02):
What I'm building, I actually have a relay that's sitting behind a firewall.
And it's not accessible from the internet.
And that's where I'm storing my data for my safe box, if you will.
but it's pretty easy for me if I wanted to put it out on like Damus or Primal I could do that

(33:23):
it's really like a it's just it's not a centralization issue it's availability issue
and so what's not taken away from me is the optionality of how I want to deploy things like
I don't you know with Twitter I have to use Twitter because it's Twitter remember in the
early days of twitter there used to be a bunch of different clients and then they all disappeared

(33:48):
and so you only have the twitter client that's that um with uh nostr since every event has its
own id and it's signed by users external to any system you have uh like option optionality there
and yeah you don't you don't have to ask permission to use anyone's relays well you do if they want

(34:15):
permission if you need to authenticate or pay or whatever but you can you can spin up your own
relays and the other thing too is that when you when you query data you can query from a set of
relays that will pull all the data together and there's no issue with the data conflicting because
all those events as I described earlier they have their own unique identity and so I know that I can

(34:42):
pull from a pool of relays and get the data that I need and if one of them is falling down missing
some events or deleting some events I don't really care because another relay is going to pick up the
slack so yeah I'm not worried I'm not worried about relay centralization at all and in terms
of the monetary incentives?

(35:02):
Well here the thing I don think we actually figured out from a business business perspective or strategic perspective or institutional perspective how to manage the possibility or how to capitalize on the possibility that every single one of those events that have their own identity that we talked about earlier I can send money to

(35:26):
I remember that revelation that I had
and implementing it
like I have a command line app for my
safe box
and in testing it I was using Coracle
and I was just looking up event IDs
random event IDs
and then getting the note ID

(35:47):
and then seeing if I could send a zap to it
and I could do that
and it's really simple.
The logic is, okay, here's the node ID.
Look it up on the relay or set of relays,
centralized, decentralized as a matter.
Get the node ID.

(36:08):
Find the public key who signed the thing.
Okay, you got the public key.
Look up the kind zero.
Go to whatever relays that you want.
Go to the kind zero.
If you can find the lightning address,
you got a lightning address
then now you have
the means to send money to that event

(36:31):
and then of course with the zap receipts
then you can issue the zap receipt
that basically says okay this is associated with this event
that I've zapped and broadcast that
and then
you know it's pretty incredible
like if you think about it you can you can send money to any address that exists out there

(36:58):
and if the owner has claimed some sort of association to that address and uh has a um
a payable payable address named lightning address there's some other ways of doing it as well
but you can transfer value to any addressable address like i don't think we even know

(37:21):
what the potentials of that are yet so um yeah it's like people are complaining that the road
is still a dirt road and they want it to be paved it's like well folks we're in entirely
new territory here. Just kind of go with the flow with the dirt road because there's going to be

(37:43):
some pretty amazing stuff over the hill. Yeah. So if I were to summarize what you said, Tim,
from relay centralization problem, well, anyone can run a relay. It's permissionless. So if it
does become a problem, people can run a relay, their own relay. Anyone else can spin it up. And
if it becomes a problem that they're not getting paid for it and users end up suffering, then they

(38:06):
will pay for it because it's so easy to pay for it.
I think that makes a complete sense.
Yeah.
Like the other analogy that I give in the early days of email, people say, what's a
business model for email?
Now it's just part of the infrastructure.
Like it's a cost of doing business now.
Like you don't, you pay a monthly maybe with your Google or whatever, Proton or whatever.

(38:32):
and they have a service,
but a lot of us don't even know who our email providers are.
So I think that's what's going to happen with the relays
and that's how I'm seeing it with what I'm doing with Safebox
is at the end of the day,
what drives business is a value proposition
irrespective of the technology,

(38:52):
a value proposition is something that the customers value
and you'll need the technology infrastructure to support that.
And so I think relays, what's going to happen is that you've got some super solid open source relays.
Like I use the stir fry, stir fry, yep.

(39:18):
And it works without a hitch.
And then I think Semisol is developing another one that I might experiment with.
but it's like you know when when i get to the deployment phase of what i'm doing trying to
set up an operating model i'm going to be looking at all the different types of relays
i don't really care if they interoperate or not because my my baseline is basically nip one and

(39:46):
maybe nip nine for deletions and that and i don't have i just don't have to worry about that stuff
it's all like hashed out and um all i care about is just take my stuff broadcast it store it
delete it thank you very much that's all i'm looking for thank you i i don't need a database

(40:13):
i don't need a i don't need a database provider that's protecting protecting my database with
admin admin password or anything like that uh uh everything is like protected on its own by every
user it's just like the upside is just incredible you know tim you'd you'd mentioned the killer

(40:36):
feature of nostr for you is is the kinds uh i i tend to agree i think there's one other killer
feature for Nostra that, in fact, in my mind, it's an even bigger deal than event kinds,
which is this notion that we now all completely take for granted, but that user identity has

(40:58):
moved from the application layer into the protocol layer.
Oh, yeah, yeah, yeah, yeah, yeah.
It's so obvious, so fundamental.
I don't even talk about that anymore, but you're bang on.
The fundamental, another fundamental innovation is the NPUB-NSEC pair, public-private key pair.

(41:26):
I have 100% cryptographic assurance that that NPUB is mathematically related to an NSEC.
and if something is signed by that NSEC,
I can verify and I know that whoever has control of that private key
signed it.

(41:46):
How that private key has been controlled
or compromised or whatever,
that's a management and trust issue.
It's not a technical issue.
And I put my finger on it a few months back
maybe the better part of a year ago

(42:06):
that the fundamental innovation there
is, as I said, that algorithmic
relationship between the public and private key.
There's no equivocation about it not being
related or not. The other thing too

(42:27):
is that that public-private key contains no
information in itself it just can sign things and this is where the certificate authorities you heard
of pki certificate authorities and that kind of subtly get their power they say well if the
community is going to trust your public key we're going to have to sign it and we're going to put

(42:48):
some information about you that you're a good person and that we're reputable or whatever
and then oh by the way you're going to have to pay us money for that um for that certificate
And then all of a sudden, now you've got some sort of what I call moral authority kind of dictating rules on the trustworthiness of that public key.

(43:11):
But what Noster has done is that they've completely separated the idea of the public key and how it's trusted.
They're two separate problems now.
and there's no kind of jamming in kind of this trust capture stuff

(43:31):
and saying to people, well, you have to trust it because it came from us.
It's like, no, I'll make the judgment call on that end pub.
I'll see that it signs something as a kind zero event.
I'll do the NIP05 and then maybe do resolve it to a domain name
that I know and blah, blah, blah, blah.

(43:51):
You know, it's an entirely new trust infrastructure that we can break free from the public key, traditional public key certificate authority structure.
Also enables us to break away from, it'll probably a long time, but to break away from like the TLS domain name certificates and that's pretty much controlled by, you know, a group.

(44:16):
Thankfully, we've got organizations like Let's Encrypt that enable you to get a certificate for your website.
But eventually, we'll get away from that.
The other thing I'll add, too, is that in addition to the NPUP being completely divorced from any information,

(44:43):
it's, for all intents and purposes, unique.
Like the entropy is such that, you know, it's, you know, an NPUB, you know, is, I don't know what the entropy is, but it's like, there's no chance you're going to generate a duplicate one.
And so then all of a sudden you have a unique address space.

(45:04):
Voila.
You don't need to manage that anymore.
So have NPUB can trust anyone.
And I can make a trust decision about an NPUB.
and that's for me to decide and it's for me to delegate outwards if i want to but not to be
dictated on and that just kind of flips everything on its head as well and um i'm really excited about

(45:27):
that so yeah i i agree with you like um the the end pub the the public key on its own being um
uh being a fundamental innovation you know that that was the innovation of bitcoin right the
identities exist outside of the system i just remember the this the the white paper the one

(45:50):
diagram that stopped me in the tracks there was a i think later on in the white paper um uh they
just they discuss um he has a really simple diagram i'm pulling out my version of the white
paper, where it kind of flips the architecture
around. I just remember, yeah, privacy, the section 10 of the white paper.

(46:13):
I remember looking at that diagram, just saying, oh, that's freaking genius.
And, you know, it talks about the traditional privacy
model, the new privacy model. And we're just doing the same thing
in Nostra now.
Yeah. Yeah, for sure. Certainly,
it's changed the game, right?

(46:34):
The separation of user identity,
and just to put it in simpler terms,
the separation of user identity
from the application layer,
which is where most of the data theft,
the rug pulling, and everything else happens
at the platform level.
Great.
So Tim, let's talk about,
Safebox, and maybe if you could help our audience understand it in simple terms, what is Safebox?

(46:59):
What is your motivation for building it?
When can folks start using it?
yeah so taking all these new ideas
of relays and pubs and events
and
thinking about building something that's not just
better or slicker or more sexy or

(47:23):
whatever try to build something
absolutely fundamentally different yet
simple, simple, simple. So, um, some of you might know, I was invited to be part of the
sovereign engineering cohort, um, the group, uh, that's based out of, uh, Madeira. So I was there

(47:45):
last summer for six weeks and then I've, I've gone back a couple of times. I'm probably going
to go back again later in the fall for the fifth cohort. So, um, I, I had the benefit of like,
really debating intensively with folks like Pablo and Gigi
and a few of the others that wish to remain anon,

(48:10):
just talking about the philosophical underpinnings
of what we're trying to do.
As I said, Safebox is actually my third iteration of my project.
Originally, I called it Nemo Cache,
which is a fun name for the underlying technology that I was building.

(48:35):
Then I called it Open Balance, another fun branding name.
And now I'm on the third iteration, Safebox.
The first iteration really focused on what I talked earlier.
Instead of building an account-based system,
build a token-based management system to manage your balances and that.

(48:57):
So, you know, I as the custodian, as I was building, really have no insight on like the nature of your funds.
All I just see are just a bunch of blinded tokens.
The next iteration, I started to integrate more and more of the Nostra capabilities, experimenting with, you know, direct messaging.

(49:23):
um yeah just just just playing around with it and uh just understanding what i could do with
nostr and now the third iteration uh i had a an epiphany like last summer one of the big problems
that i had with my service it wasn't a problem but like i had a database in the back end and i

(49:47):
didn't like that because i thought hmm if i get tapped on the shoulder by an authority you know
I'll have to like give up all the information and like maybe they'll tell me to shut my database
down or not, not that I'm doing anything bad, but it was just like, I'm, I'm, you know, I'm a single
point of failure and I didn't really like that. And, um, it became apparent, um, when I better

(50:14):
understood like, uh, the relays and what they could do and, uh, full credit to Pablo with what
he did with cashew nuts, if you will, and NIP 60 and NIP 61, storing the data on the relays.
That's when the penny dropped for me. I went, oh my goodness, I don't need a database for each user

(50:38):
or database instance. I can just store stuff on relays, sign it, and encrypt it.
and then I said, well, I don't want to use the user's private key.
I'm going to create a component that generates its own private key
and I'll give that to the user or to the client application.

(51:01):
Then I'm just going to build a component
that there's really three things that actually have to come together for it to work.
The private key, someone's going to have the private key.
the code's got to be running somewhere and then the data's got to be somewhere on a relay
so it's only when those three things come together does the component come alive so to speak

(51:26):
and then the more and more i looked into it i went holy crap this is an entirely new infrastructure
and entirely new architecture because what i talked about earlier with the events having their
own identities you know i get you know i get all this stuff for free from the protocol then you

(51:47):
know i i can migrate um i you know i can i can send the data to another relay to live on another
relay um the code can run from anywhere and the private key can be supplied from anywhere
and holy crap this is really um really powerful so then you know i created my first
phase of my iteration was creating a command line app literally kind of like the equivalent of ssh

(52:16):
for like sending money and storing data so i so i got i got that working and basically
implemented and tested the functionality that i wanted to build and then i started i think
yeah I think it was about like October of last year I said well

(52:38):
I want the same component to work in what's called an asynchronous context so I started
to build a web app and that's basically the front face of Safebox now is the web app but the
the component underneath is where the where the real real guts is so what's what's happening is

(53:02):
that um i i'm building you know it just looks like a web-based wallet app it's like a boring
lightning wallet makes payments you know it presents stuff and if you wanted to present
fiat and u.s dollars and canadian dollars does that but in the back end it's a radically different
architecture. All the data is stored in relays that I might control, which I'm doing for my

(53:31):
prototype, but I can actually put it anywhere. So for example, on some of the testing I did,
this is going back maybe three or four months ago, I like to test these concepts out where I actually
fired up a safe box. I found a relay that I could use in Beijing of all places. I'm surprised I

(53:51):
could get there but i could use it and then i i found a mint in i think in buenos aires or whatever
and then i just ran the code from you know a random unix box or a random like ubuntu box
and i ran payments through you know a anonymous ubuntu box that was running the code you know the

(54:18):
The data was being run through a relay in Beijing,
and the Mint was going on in Buenos Aires.
You know, this is amazing.
Like, what jurisdiction would be able to track this?
They won't be able to track this at all.
So, you know, then I just explored that concept further,

(54:39):
and I said, okay, this is the core of what I'm calling SafeBox.
I have all the payment stuff pretty much working.
um like it's 99 done so payments is a starting point but then i started to explore saving like
records like personal records personal notes and then the work i did with you avi with nos fabrica

(55:05):
was um uh well i can actually do the same thing for storing health records like okay i got that
working and then i built up you know maybe it's too grand to call it a protocol but i i i figured
out a way to enable two safe boxes to communicate directly with one another well they do it via

(55:26):
relays but everything is encrypted via relays really so i don't know what's going on i went
oh uh now i can actually share between two safe boxes that are anywhere in the world and then the
the protocol I developed it would negotiate would say okay well here are the relays that I want you
to use and then the responder can say well I can't use those relays how about using these instead and

(55:50):
it's like okay then I'll listen to here for the the controlling messages and that and so a lot of
like gnarly engineering underneath the surface but at the end is that I could easily share data
between two safe boxes.
And then to make it simple for the healthcare context,
you know, made it such that the parameters

(56:12):
were rendered as a QR code that the wallet could read
and then figure out what to do with it.
And I demonstrated that.
I got that working.
And I also had to, I don't want to get too geeky here,
but I had to, you know, adapt.
I think it was NIP, there's NIP 44 for the encryption, but I think it's NIP 59 for the gift wrapping.

(56:38):
So I had to adapt that for my purposes.
And then, you know, basically got developed a way of making it easy for, you know, calling it inter-app communications now.
And now it's like, oh, okay, this works.
And then I generalized it to do credentials.

(57:07):
A credential is nothing special like a driver's license or an ID card or whatever,
just data that's signed.
And then I just worked with Vitor in understanding a way of embedding,
encoding, embedding data for prescriptions.
and then I went, oh, okay, well, this is pretty straightforward.

(57:28):
I can do that.
And then I looked at it and I said,
well, I can take what I did for credentials
and verifying credentials.
I can just like generalize that
into like a gazillion different types of records.
And so it could be like gift cards.
It could be immunization records.
It can be whatever.

(57:49):
So now I feel I'm on the track
of building a fully functional wallet So for fun like when we were traveling in Rajasthan i kept my field notes on my wallet traveling let say what we did every day what hotel we went to blah blah blah
just just to prove that it actually worked it worked and then like yesterday i found a nice

(58:11):
pasta recipe that i need to prepare and i just saved it as a note on my wallet and use that while
I was, um, uh, use, use that while I was, um, uh, cooking. So, um, it's still a ways away to be like a real consumer slick product, but I'm a hundred percent confident now that I can build not only a wallet that enables like private payments, but also enables the, enables the private storage of records.

(58:47):
and private communication and personal records.
And I'm 100% sure now that it can't be compromised in the middle.
And so what I'm doing now is just got all the components,
kind of got figured out.
So now I'm just kind of working on some of the security engineering stuff.

(59:08):
Like I figured out a way to make what I'm calling a non-custodial wallet.
So let's say you have a safe box.
it's out there on the on on the web or on the relay and you just don't trust anybody at all
the private key or anything like that but you'd like to have a lightning address
to receive payments well you need some sort of online capability to do that

(59:29):
so um i figured out a way to do that where uh okay you want that i don't know your private
key or anything like that just give me your public key uh the relay that you're living on
thank you very much that's all i need i'll spin up a lightning address for you and when the when
the payment comes in a lightning payment comes in i'll just flip it to cashew tokens and then fire

(59:54):
them through that um protocol that i talked about earlier you're going to pick that up the next time
you come alive you're just going to look for to see what's uh in your cashew inbox so to speak
you're just going to swap those tokens into your wallet and boom, done.
And it's like I have no way as a provider to yank anything back.

(01:00:21):
Yeah, I might decide I don't want to handle your Lightning address anymore,
but you'll just say, oh, thank you very much.
0I'll just fire it up elsewhere. 767 01:00:27,1000 --> 01:00:40,240 So I kind of decoupled the service provider that provides those online computational capabilities from the safe box that can just live out in the network.
And I don't know of anyone that's doing that kind of stuff.

(01:00:45):
It's still pretty rudimentary, but for me, the concepts are kind of radically new, a radically new way of doing things.
And so that's what I'm actively experimenting and doing that.
Well, lots to look forward to with Safebox there, Tim.
And I feel like we could spend an hour just talking about Safebox
and the different things you can store in it.

(01:01:08):
But I want to focus on one thing, which is credentials.
And, you know, this is an issue we run into in the digital world, right?
This goes beyond Nostra as well, which is with credentials,
can they ever be truly digitally native without needing an Oracle,
without needing some kind of intermediary who exists in meat space to bless it, right?

(01:01:33):
Some kind of authority.
And I think you're attempting to tackle it, self-issued credentials or what have you, right?
So I'll pick a specific use case for why something like this would be important.
You mentioned NOS Fabrica, right?
We're trying to build healthcare data interoperability built on NOSTA.

(01:01:55):
if you in in maybe a few months down the line there is a health care marketplace on nostr where
you have patients searching for care right nostr solves a discovery problem you find the provider
and you schedule an appointment you can pay them in lightning great but there's one catch there
how do you know that someone who's listed themselves is as a health care provider

(01:02:19):
0is actually a healthcare provider.
And credentials are one way.
NOSTA has badges, but, I mean, anyone could make a badge, right?
So that's a problem.
Yeah.
So how do you see that?
Yeah, kind of the same approach,
how you resolve like an event to pay a lightning address.

(01:02:42):
So the idea is that the wallet itself is a first-class citizen,
is NOSTA.
It has its own private key.
It can sign events.
It can do everything.
It can encrypt and everything like that.
I've also added an attribute to the wallet, which is the owner.
So if you control the private key of that wallet,

(01:03:04):
you can actually say that you're the owner of that wallet as well,
and that can be signed in an event.
So it's like I can say, okay, I know that Avi's got a wallet.
He's using a wallet, and it has an ID.
That's great.
but um that wallet i can see that avi's end pub is there and so then i can actually check a registry

(01:03:27):
or whatever to see that um or an event i'm still thinking this through this event event that
avi says um this is a wallet that i'm using today might not be the one that i'm using tomorrow so i
I can just maybe have to define a kind that will say,
what's the legitimate wallet that Avi's using?

(01:03:53):
And then that wallet, ostensibly under the control of Avi,
could be issuing credentials, prescriptions,
0like prescriptions or a doctor's note or something like that, 817 01:04:04,1000 --> 01:04:06,920 like short-lived credentials.
And the wallet signs that.
And then so how that actually gets verified in a community,

(01:04:16):
and this is something I've been very careful to make sure that I don't like step into the problem of trust,
which the community has to figure out.
Like I'm just figuring out the mechanics of enabling them to make a trust decision.
So there may be like a pharmacy that I present, you know, I walk up,

(01:04:36):
I have my safe box and the pharmacy has their safe box and they say, well, show me the prescription.
So I present the credential, prescription.
They get a copy of it.
It gets transmitted.
And then the pharmacy person or whatever looks at it and says, oh, okay.

(01:05:01):
Yeah, it's all signed and everything.
It all checks out.
It hasn't altered.
And, you know, here's all the data and that.
It's like, oh, okay.
it's signed by this wallet okay and let's see who the owner of that wallet is so it's signed that
avi's the owner and then i can go to um i i can uh query an event to say uh uh did avi

(01:05:28):
sign that this is the wallet under his control yep it's good there we go so i i know this that
this credential or this prescription was actually issued by abby and then the next question might be
well is he in good stead with the college of physicians or whatever and so you know the the

(01:05:50):
the pharmacy might just have a list that they look up that they maintain just say okay this
is abby's end pub it's good we trust them there we go or there can be a register of pharmacists
or whatever so um all i'm doing as i said um at the outset the the the uh the beauty of like the

(01:06:10):
npub insect insect is that there's a hundred percent cryptographic assurance that those two
things are associated to mathematical assurance and then all i'm doing is giving you a path
to know that you have 100% cryptographic assurance
that that wallet issued it,

(01:06:31):
that it was under control by Avi,
and then someone signed that Avi is a good doctor
or a legitimate doctor, and that's that.
That's a, I wouldn't say,
it's a very domain-specific problem to solve.
What I'm trying to do is kind of
take the technology capture out of it.

(01:06:54):
The issue that I've run into with the traditional credential world is that they accord special privileges to the people that issue stuff and the ones that verify.
And then you have what are called the holders that don't see any rights at all.
The beauty I like about the NOSTA protocol, it blows away all those distinctions.

(01:07:15):
It doesn't matter whether you're an issuer, a holder, a verifier.
Everyone is completely equal.
and so as I said I just feel like we're standing on the edge of an entirely new frontier here
and we can get away from you know those medieval practices I call them medieval because

(01:07:35):
certificates really arose in medieval times we just digitize them we can break free from those
medieval practices that were we think are modern which they aren't and I think
all I'm doing
with my project
is that one NPUB
can send something to another NPUB

(01:07:57):
and the issue of whether you trust that NPUB
or decision of trusting that NPUB
that's out of scope for what I'm trying to do
I'm trying to create
0just like the capability 871 01:08:09,1000 --> 01:08:13,880 just like we communicate between two IP addresses
it's the same thing with what I'm trying to do
Mm-hmm. But if you were to extrapolate to people who would be using your NPUB, sorry, your app, right, NPUB sending things to other NPUBs, but they would need something else to ensure that the right thing is being sent to the right person.

(01:08:31):
And I think what I heard you say is it's, you know, a cryptographic or web of trust-based attestations essentially solve this credential issue, right?
0So you're not relying on authorities, you're relying on your peers, 876 01:08:47,1000 --> 01:08:50,400 essentially, filtered by a web of trust.
Yeah, where you kind of link it to the real world, the traditional world.

(01:08:54):
And I'm a big fan of NIP05.
So that like if you have a friendly identifier like I have tier about my gets it I getsafe you can resolve my end pub from that And I see what will happen
It will just be the equivalent of an email address.

(01:09:15):
You'll just say, here's my NIP5 address.
I can communicate that to you.
I can print it on a piece of paper.
and that's the meet space, what I call the invocation transaction
that has to occur outside of the digital world.
And I'm just trying to be as flexible.
It could be a QR code.

(01:09:35):
It could be an NPUB scanned in.
It could be like an email type NIP identifier
that someone can actually just resolve the NPUB.
That's a whole new area to explore.
What I'm trying to do is just not constrain what would be like an entirely new infrastructure.

(01:10:00):
I'm trying to build like a new infrastructure capability that doesn't constrain like organizational possibilities.
That's what I'm trying to do.
Yeah, no, that's great, Tim.
So let's talk about your thoughts on the current landscape of Nostra apps.
You're building all these, let's just say, things in the other stuff category, right?

(01:10:27):
Yeah.
Safebox, what have you, credentials.
And Safebox is really, it's almost like a protocol in and of itself because it allows you to transact in these different ways.
But set that aside for a second.
And if you were to take a step back and look at the broader Nostra app landscape.
What are your views, any thoughts, any criticisms of where things stand?

(01:10:49):
Oh, it's so new.
I think, I know that's a bit of a trite saying that,
but we're still figuring out what it really means.
And it's not that different than going back like 30, 35 years ago, the early days of the Internet.

(01:11:15):
You had the webmasters and you had the, you know, the cypherpunks and that, the real fringe, if you will, exploring new ideas.
And then, you know, finally that corporate America or, you know, the mainstream kind of figure things out.
But I think where we're at, my view is, for example, Bitcoin and the payment stuff, mission accomplished there.

(01:11:47):
It's not about, for me, Bitcoin and Lightning and eCash, it's a permissionless payment rail and enables anybody to send value.
And you can get in all the philosophical, strategic reserve kind of stuff or whatever.
But at the end of the day, it's kind of like what the internet was like 30 years ago.
You had the scrappy protocol called TCP IP.

(01:12:08):
It just took over everything.
Just boom.
And if you ever have a chance, it's the 30th anniversary of that Microsoft memo,
an internal memo that someone wrote to say the web is the new platform
and it's a big threat to Windows.
Came out 30 years today.
That's where we're at right now.

(01:12:30):
That's where we're at right now.
A classic Microsoft right there.
Yeah, yeah.
But they understood the strategic.
I was kind of in the thick of it back then.
And they did a big pivot, late 95, early 96.
Big pivot.
And they saw the threat or they saw the opportunity.

(01:12:51):
It's only a matter of time that some organization or whatever is going to write a strategic memo saying, we've got to do this.
like my my gut feeling it's going to be um maybe maybe a maybe a country that says oh we have to
have our own sovereign payment system and this might do the job for us and we need to have our

(01:13:15):
own sovereign communication system and uh this might do the job for us i think it might be a
couple years out before that quote-unquote strategic memo but i'm kind of forgetting your
your,
your question.
So the land,
the landscape.
Okay.
So lots of great social media stuff going on,
social media replacement stuff,

(01:13:36):
a lot of experimentation on zaps and value for value.
You know,
the usual kind of cypher punk,
you know,
censorship resistant,
blah,
blah,
blah stuff going on.
Yeah.
That's great.
but

(01:13:58):
I think we just need to cultivate it
I think what's happened
geopolitically things have changed massively
over the past
year
we're just seeing
institutions
kind of at a loss
governments are finding out they're not being

(01:14:20):
effective anymore
you have what I call the new apex predator
which is ai and that's actually one of my motivations is that i want to build build
something that i can protect the interaction between you and me without it being like predated

(01:14:40):
by um by like you know um being skewed or you know i don't want someone something a predator
in the middle that's either taking my funds or taking my data or changing my worldview without
me knowing it. And so I think we're in a new world. It's just not about anti-state or anti-government.

(01:15:05):
It's about there's these new predators out there in the digital realm and the traditional
international rules-based order is just not going to protect people against that. So we need to build
capabilities that gives every individual, you and me, the same strength of shield as

(01:15:27):
what a government would have.
And then once we figure that out, then we have to figure out how to build new institutions
around that.
So I just see NOSTER, you know, you might say it's not the most elegant protocol out there.
there may be some better ones or whatever, but it's simple and it has few constraints.

(01:15:54):
So therefore, it's generalizable.
So I'm seeing NOSTER not as a social media replacement.
I'm seeing it as an inter-application protocol for communicating intent.
And that's way bigger than social media.
oh yeah it is
it is the substrate for the application layer

(01:16:16):
of the internet
it's the so called fabric that everybody's like
blah blah blahing about and then the other
thing too is that
you hear stuff about agentic identities
and agent identities
and agents on behalf
it's like well just give them
a fucking input
sorry
that's just how I see it

(01:16:37):
I see all this
pearl clutching and waxing poetic
and blue-skying and just saying,
I think we can solve that problem with Nostra
pretty straightforward.
Also, the word agentic has lost all meaning at this point
because it means something completely different

(01:16:57):
to different people.
But your point is taken, right?
If you take the literal meaning of agentic
in the AI context, yes, just give them endpubs.
That makes complete sense.
So Tim, you'd mentioned a little, a short while earlier
about a country building this payment network, right?

(01:17:18):
And sadly, from my perspective,
that will not be the country of my birth, India,
because as you saw on your recent trip there,
there are QR codes everywhere
and they have the centralized universal payment interface.
So do you want to talk about your experience with,
specifically when it comes to the payment rails in India?

(01:17:40):
Yeah, and if you think there is a chance that Bitcoin could infiltrate that
and provide a better user experience than what exists.
Yeah, like I've been to travel quite a bit.
I've been in Vietnam, Cambodia, Thailand, India,
been in a few countries in South America, been in North Africa and that.

(01:18:04):
People don't give a crap about the tech.
They just want it to work.
and the the other the other interesting thing i've learned is that people you know just they
they want to transact in their native unit unit of account so like i found the same thing when i
when i was when we're in vietnam after about three four days you start thinking in vietnamese dong

(01:18:26):
um in in in india took a bit but after a while you're you're you're thinking in rupees and that
So it's like, okay, you know, you're not going to get them to talk about sats and bits and Bitcoin or anything like that.
So that was one of the things that I did was in my system, I'll just present it in its local currency.
So I think, you know, I think the two things are basically presenting the local currency.

(01:18:53):
And I think QR codes, they just work because you can actually see them.
uh and nfc is still like uh you know magic in the back you don't know really what's happening
um people are quite quite comfortable with that like as i said you know you go to a temple where

(01:19:16):
you band where they band cameras and there's like qr codes on the sides like what are you supposed
to do so you know they're you know everybody like everybody has a mobile device everybody has a
camera everybody has 5g so all the preconditions are there what's going to happen is that a country

(01:19:36):
it may be india maybe pakistan or maybe oman or whatever they're going to say oh we have like
a hundred million people that have phones but they don't have bank accounts
and uh we we we need to give them or they they don't have a method to pay easily

(01:19:58):
and uh someone will come along and say well here this could scale them up in a second and it will just take off you know um I think that that kind of what I aiming for is that uh I already had some inquiries I know uh uh some folks are watching

(01:20:20):
me with what I'm doing. Um, and I think now, you know, it may be like the idea, my vision is to
create a system like I want to do what I'm calling a community pilot like early 2026
where I set something up in an underserved area and maybe they operate the service or we operate

(01:20:44):
it from afar or whatever but it'll just work the the the the the other thing too is just like email
you don't think about email servers you just think about email I think with what we're doing with
relays working tirelessly in the background, not knowing what your data is, it can actually
provide a unified whole from all these thousands of instances.

(01:21:07):
So the key thing is, is that I've made sure that while I have my safe box, since it's
up and running, if there's another one up and running, they just know how to communicate
to each other seamlessly, but they can have completely independent infrastructures underneath,
just like email.
and so I think what's going to happen

(01:21:30):
and this is kind of what my focus is
is just to create a really simple payment wallet tool
that can be done in a browser
or on a crappy tablet or whatever
maybe there will be like an Android version
or an iOS version
but they'll be as dumb as heck

(01:21:51):
basic as heck
and then it will just take off
and then um uh then everybody will just say oh do you have an email address it'll be do you have
a lightning address um can i can i where can i send funds to oh uh yeah i'm i'm i'm canadian

(01:22:13):
dollars here your u.s dollars here i'm comfortable sending you five canadian dollars yeah it shows up
as $3.80 US dollars.
Well, that's what we negotiated the deal with.
The fiat conversion factor doesn't really matter anymore.
So I think that's the vision that I have

(01:22:34):
is that there's this interoperable network
where we can just convey value
and privately communicate with one another
and it will just take off like a rocket.
And oh, by the way, you can do social media on it as well.
Right.
The other thing you mentioned in your previous answer, Tim, was a predator, what you refer to as a predator, AI.

(01:22:58):
But maybe this part of AI, well, maybe for some it is a predator.
But you have posted some strong views on Vibe coding on Noster.
Do you want to talk about that?
Yeah, it's great.
So I use ChatGPT.
.gpt, I have a paid version, exceptionally valuable when I have a very specific problem to solve.

(01:23:21):
Instead of spending a day to figure out something, I'll just say, just give me some code.
And it's like, oh, okay, that's really interesting.
I integrate that into my app.
I wouldn't be where I am without AI.
And I kind of see what's going on.

(01:23:43):
um but i'm a first principles person i gotta know what's going on going on underneath the hood
and so you know you you can create an app and yeah it does something great and looks great
but you don't know what's going to break like um you know i i'm an engineer like i i took the

(01:24:07):
you know very seriously what we call the ritual the calling of the uh engineer the obligation that
we don't pass faulty or bad workmanship and that so if i don't know what's going on underneath the
hood uh i i won't um i won't i won't vote for it i think it's great for proof of concepts and
possibilities and exploring stuff and that's exactly what i've done but it's it's good for that

(01:24:30):
and so um you know folks that say that you know vibe coding is gonna gonna replace like the
engineers and the true creativity, it's like, nah, it's not going to. It's not going to. And if you
think it is, it's not. Where I really feel concerned for is I'm relatively advanced in my

(01:24:55):
career. I've had the advantage of like growth by hard knocks, trying to figure things out and,
you know, being stuck on things for a week at a time and trying to figure it out. You know,
the internet kind of solved that to some degree like but a ai you know is like um if you rely on

(01:25:15):
too much it's like riding an e-bike in the tour de france and then thinking you're you're you're
you should you should get the glory at the end it's like no no like uh um you still have to do
the hard work um my my own experience with what i'm working on is that i got to do some hard
engineering some hard thinking especially how to coordinate everything in an asynchronous context

(01:25:38):
it takes a lot of thinking and that and ai can like uh provide some hints or whatever but
i i just got to do the hard stuff so it's it's great but um and i think a lot of the senior
people that are playing around with it saying it's a great thing they're they're standing on the on

(01:26:00):
the shoulders of what they've accomplished. I've already seen, like, I have a son that's an
engineer as well, hiring co-op students, and they're kind of shocked at how they get these
kids in that look good on paper. They did the Zoom interviews and that, but they can't code

(01:26:20):
without, they're really weak. So we just have to be really, really careful about lauding these
tools being the great
solution.
Hey, Tim, you never know, the next generation of
AI coding agents will be created
solely to clean up
the spaghetti of the previous generation

(01:26:41):
of Vibe coders.
So it might all just work out.
Yeah, I guess the biggest lesson I've learned is that
I have three boys.
They're all engineers.
And the biggest thing I've learned
from them is that
they made me realize that
my own limitations
I limit myself and I see what they do

(01:27:01):
and I realize that I need to work on new assumptions
and so we have lots of discussions about that
so I think there's a benefit for older people like me
and for younger people to combine these things
No, for sure
So Tim, what else are you working on other than Safebox?

(01:27:24):
Oh, this is my main
I have a Fiat job kind of thing
don't really feel like talking about that um i i'm quite an avid cyclist road cyclist um
um i i have we have a pug and pug just search on that hashtag and pug you'll see pictures of her
um but this is going to be when i when i kind of wind down my my my fiat uh career which will be

(01:27:54):
sooner than later, I'll be putting 100% of my professional effort
into the SafeBall project. It's more than a project, it's a calling.
I just see
a real revolution before us.
Not to get into the historical parallels and stuff like that, but I

(01:28:14):
really think we can actually change the world for the better with what we're doing.
And I just want to be part of that. I saw the
revolution of the web
30 years ago
you know
and I just
feel in my bones that there's something
there's something here
and I want to be a part of it

(01:28:36):
Amen to that
Tim
Anything you want to plug
where can people find your work
how can they get their hands on Safebox
Yeah so follow me on
Noster
I think if you just
my handle is
tierabauma
the
the

(01:28:56):
URL is
get safe box
dot app
I'm still
it's pretty alpha
if you really
want to use it
just
just send me
a
a DM
or if
if you know that
if someone has it already
there's a community
button where you just
scan the QR code
and you get a wallet
immediately
so I'm just being
very

(01:29:16):
very
just judicious on who's using it.
I'm not quite ready to roll it out
on anybody that's not willing to lose some funds.
Yeah, that's about it.
Like, I really believe,
get on Noster, follow people.

(01:29:39):
I try to, kind of, as I learn stuff or have thoughts,
like, I spend a lot of time reading in the mornings
and then I collect thoughts and post them on Nostra.
I used to do that Twitter like years and years ago,
but Nostra is my main vehicle.
And so if you want to have an exchange or see what I'm up to, just go there.

(01:29:59):
And I think I link in my profile, I link to the NPUB Pro site
so you can just see stuff that's going on.
Yeah, I would certainly urge folks to follow Tim on Nostra
and read his musings and his wisdom.
I certainly benefit from doing so.
Tim, genuinely appreciate you taking the time and sharing that said wisdom with me and our audience.

(01:30:24):
To everyone listening, thank you.
If you weren't listening on Fountain App, well, it's too late now to change, but I do hope you will.
The next time, support the Value for Value revolution.
QW had the day off
to participate
in a boating accident

(01:30:44):
a long awaited one
he will be back next week
we will be back next week
so thank you to our live audience
on zap.stream
thank you to everyone listening on Fountain
please subscribe
if you can
if you want to support the show
you will get early access to this episode
and potentially other bonus episodes

(01:31:07):
that we release.
Thank you, Tim.
Thank you.

All Episodes

PCR114 - Signed, Sealed, Safeboxed with Tim Bouma

Episode Transcript

Popular Podcasts

Stuff You Should Know

Dateline NBC

Las Culturistas with Matt Rogers and Bowen Yang

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}PCR114 - Signed, Sealed, Safeboxed with Tim Bouma