Nostr Web Client

Mike Dilger ☑️ 5mo ago 💬 53

Wow I just found nostr:npub13ndpm2hm9hud4azsq5euhf5mv3d05r90wymwxsd7rdn29609hhvqp60svh. He is so *smart* and not at all "retarded." 😏

I'm not sure if I should bother correcting his misunderstandings of nostr, or his misjudgements of what is and isn't censorable and why, or just ignore him. Does he listen or just talk? We will see.

I like pkarr. I like using Mainline DHT directly even more. I'm using it in Mosaic. But it is also censorable. The bittorrent DHT may not be subject to sybil attacks, but it only has 3 (AFAICT) public well-known on-ramps. Take those three down and people who don't already have a node list can't get on. Nostr is not better for bootstrapping (finding a person's relays) but it isn't much worse. There is a weak centralizing pressure to put relay lists on a the same well known popular relays, but those change over time and the pressure changes over time, and good clients republish to the current popular set which can move. The main issue is that client devs are all over the map in terms of how they choose to deal with the situation, and some aren't even using outbox model. IMHO (emphasis on H) the main benefit of the DHT is someone new with a single key they want to follow can get started without knowing anybody nor any relays/servers.

There is no censorability difference between homeservers in pkarr and relays in nostr. You can run your own, or you can outsource it, in both cases. One isn't more censorship resistant than the other.

When I look at https://github.com/pubky I see among top rpos "pubky-app" which says it is a deprecated repository, and will be replaced with pubky/franky. But pubky/franky does not exist. So IMHO there is no opensource pubky, which means I won't be using it and I recommend against.

Reply to this note

Please Login to reply.

Discussion

Byzantine 5mo ago

who runs the 3 dht on-ramps? is there a list?

Mike Dilger ☑️ 5mo ago 💬 2

I don't know who runs them.

router.bittorrent.com:6881

dht.transmissionbt.com:6881

dht.libtorrent.org:25401

This is false, regardless of Nostr or Pubky or whatever low stakes feud bitcoiners engage in instead of trying to fix scaling issues.

Mike Dilger ☑️ 5mo ago 💬 1

I'm willing to admit that I am wrong and learn something. But just saying I'm wrong isn't going to do it. Like any kind of science, you have to show me that I am wrong.

Big Bad John 5mo ago 💬 1

Every node you’ve ever talked gets cached.

Fresh installs can bootstrap:

- BEP-34 DNS seeds (TXT records listing live router IPs).

- Magnet links with explicit peers.

- Local peer exchange / LAN multicast.

- Manual seed lists shipped in the app (same trick Bitcoin Core uses).

Removing all these vectors simultaneously would require blanket UDP filtering across the Internet, which is a lot harder than blocking a handful of Nostr HTTP relays.

Is this Chatgpt? Please stop.

Big Bad John 5mo ago

Love you, brother

If these were necessary, why aren't they mentioned in BEP0005 or hardcoded in Libtorrent?

Also, take mainline crate, and replace the routing table with this node; relay.pkarr.org:6981 see what happens.

Also, once you bootstrap, call to_bootstrap() to cash your table to disk for next sessions, and use that for bootstraping and see what happens.

Come on now.

Mike Dilger ☑️ 5mo ago 💬 1

SAME IN NOSTR. My point isn't that DHT is BAD. My point is NOSTR IS NOT WORSE. Hear my point, not the adjacent one you think I'm arguing.

nostr:nevent1qqsdja0mkqmh564tkvga6mjm49uy9pe5dlwyql3uq6sq5xhkj2k87wgpypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7hd8x3g

Big Bad John 5mo ago

Nostr is clearly worse.

Mike Dilger ☑️ 5mo ago

In specific ways yes, but specific claims about it should be narrowly focused on what is wrong, not overarching, because much of nostr is also better.

I know exactly what you are saying. But I don't care about Mainline vs Nostr. I only care about the technical details of Mainline because DHTs have too much bad reputation and I guess I am a bit autistic about it. You said that a certain 3 nodes are necessary, they are NOT, and there aren't any specific ones that are necessary.

This is strictly better and different in kind from mere redundancy of servers. It is a self healing mesh. That is not special though, Bitcoin p2p gossip and every overlay network is this way.

Mike Dilger ☑️ 5mo ago 💬 2

Ok. Thanks. I didn't mean "a certain 3" but I see how it could be taken that way.

But again same in nostr, you don't need to use purplepag.es to get started. From any relay you can discover many others and then find people's relay lists scattered about. It is a self-healing mesh too. Uglier and less certain, but not on a different order of censorability. Unless you are using primal (so I hear, I don't use it).

Yes everything can be anything if you try hard enough. You can even search Google to find the newest incarnation of your favorite pirating index after the previous one gets taken down. Hell you can download HOST.txt from your friends by sms.

But at some level of generosity technical discussions become too unserious

Not only is Nostr relays are orders of magnitudes fewer, and less time tested. and dns dependent. They are also not cheap to run AND have a conflict of interest since they double as service providers

This is the Mastodon and even Email fault, where the service providers can boycott and censor other providers.

But Mainline is cheap, extremely redundant and have no interest whatsoever in what is published on it. They don't compete with the services that are published on it.

This is significant in my opinion, you can't dismiss all of this merely as difference of degree... at some point it becomes difference in kind.

Byzantine 5mo ago

could nostr clients use pkdns for dns lookups?

Mike Dilger ☑️ 5mo ago

https://github.com/nostr-protocol/nips/pull/1968

Mike Dilger ☑️ 5mo ago 💬 1

I agree with that first stuff: fewer, less time tested, dns dependent (you can specify IP addresses though). And even worse you can only have one endpoint, and you can't change it without losing the relay's reputation.

I think they are cheap to run though. And don't have to also be service providers. I wrote chorus to be a personal relay so everybody could be on their own personal relay.

Sounds like you are arguing for decoupling resolution from service providing, and providing resolution where it can't be boycotted/censored. Sure you did that. But at some point there has to be a service provider so the problem is just conveniently pushed over to them.

You can change providers in Nostr and Email both, but not Mastodon.

Big Bad John 5mo ago

When you change providers in Pubky you can hotswap without losing context thanks to pkarr.

Mike Dilger ☑️ 5mo ago 💬 1

Yes. Great stuff.

And in nostr when you change relays in your relay list, and move your data, you have done a similar thing. That is, USERS can move whenever they want, to evade censorship, etc. But RELAYS cannot. With pubkey in a sense, the RELAY is the USER.

But in nostr you can have one set of relays for sending things to the world (outbox) another set for receiving messages (inbox). In pubky you just have one, right? So on the data side it is less redundant? I could be wrong on that.

If I run my own Outbox, how can I tell the whole world about it if they 10 relays every one reads from censor me by decree from USG under the threat of unpersoning the relays owners aka sanctions?

Mike Dilger ☑️ 5mo ago 💬 1

If people only read from 10 relays under USG control, nostr won't survive that. I have 3,881 relays in my gossip client relay list. Granted most of those are junk. But there are far more than 10 relays. When I advertise my relay list I generally hit about 100-200 relays with it. For sure some of those are in China, Russia, Iran, etc. So this situation isn't close or likely.

Big Bad John 5mo ago

This might be fine if nostr stays small for pocket/private networks, but for social media, marketplaces, etc... nope.

Good to hear, but this sounds like an adhoc gossip network. We don't need to reinvent overlay networks, we know that DHTs scale, gossip doesn't. Gossip only work when you are already cursed with the need to replicate a dataset in full.. for everything else, sharding aka DHTs are the optimal solution.

The 200 relays you reach, are not likely to be the ones I read from, and if it is likely, then it means these relays are under too much stress and they will churn or drop your data soon.

Nostr is good enough for sure, but physics is physics, and the Web needs a DHT or ICANN... these are the choices.

Mike Dilger ☑️ 5mo ago

I agree DHTs are the superior solution. The odds that the 200 relays I used do not overlap at all with the ones you search are vanishingly low when we are inspired to use the most popular of relays. Is that a centralizing force? Yes, but a modest one, and what is popular changes ovrer time. Nonetheless it is clearly inferior to the DHT. Which is just one of the (many) reasons I'm working on Mosaic.

Big Bad John 5mo ago

I honestly cant follow this degree of equivocation.

It just sounds like nothing means anything and everything is the same even though all of it is totally different...

Pubky currently supports modular optional indexer(s) and homeserver(s).

Indexer can pull from one or many homeservers, or anywhere really.

Apps can rely on indexer(s) or not.

Mike Dilger ☑️ 5mo ago

I'm sorry that it sounds like meaningless equivocation to you. Maybe you don't understand enough about how nostr works.

In nostr, to find somebody you look for their kind-10002 relay list. The spec says to spread that thing as far as you can. Relays are all supposed to host it if they support NIP-65. Just one per pubkey, a newer one replaces the older one. Inside that signed document you specify which relays you are using. At any time, you can change those relays and publish a new relay list document.

If you are using 5 relays (3 for outbox, 2 for inbox), then one of those outboxes decides to start charging, you go find a new provider, copy your data from the bad relay (or better yet one of your other trusted outbox relays) to the new provider, and update your relay list.

Instead of registering an endpoint in the DHT, and updating that whenever you like, you publish multiple endpoints in a relay list and update that.

Outboxes are where people come to read your posts. Inboxes is where people drop messages to you. Because I don't follow everybody who replies to me, I can't expect to see their replies on their outboxes, so they have to copy me on my inbox.

So in nostr you specify MULTIPLE relays. I'm not sure but with pkarr you specify one homeserver? Maybe you can specify many, I don't know.

BTW having multiple relays has problems. People go off and setup hundreds and then our clients get overwhelmed. I think the spec should say "only first 3 count".

semisol 5mo ago

You don’t even need signed relay lists on Nostr.

Every relay only can benefit or do nothing, not harm; prioritizing relays is just an anti-DoS measure

Garbage nsec 5mo ago

Oh relays can harm!

I am arguing for the decoupling, but not as a novelty, we have a history of Internet and web architecture to support this decoupling as an important principle. Nostr ignored that because it was designed to serve one purpose (social media) where highly contextualised posts are the norm.

Of course now the revision of "nostr is for the other stuff and fix the web" is here because the social media usecase stalled, but here is where i come to be annoying and say no stop, the mess that was made while assuming social media, doesn't fit when you are trying to fix the web.

If you want to fix the web, you should fix DNS, because that is the only minimal layer that actually can be decentralised at scale, and is sufficient for all small world applications.

Anyways I don't think we have disagreements. I just wanted to defend DHTs honor from even more misunderstandings, not by you, but by people who would have read your posts and took them at face value.

Mike Dilger ☑️ 5mo ago

I'm sorry my post looked like a shit take on DHTs. I was really kinda pissed at the many claims I was reading from John that people are retards and nostr is highly censorable whereas pubky is perfect and uncensorable. So in that shitty mode with a desire to knock him down a peg I tried to make a subtle point that on first blush sounds entirely like I was making a different point. And that happens when I post hastily.

Big Bad John 5mo ago

Understandable, but it was still your attempt to correct me, and I don't think you really did in the end.

A lot of people were extremely retarded this week, nostr is highly censorable at scale (which was my actual claim in most instances i think), and it can still be argued that pubky's design could overall fix the web.

Maybe there are other claims i made you didnt address, and i know my style is difficult, but my behavior and claims were all sincere.

Mike Dilger ☑️ 5mo ago

Replace it with an empty list and see what happens.

Big Bad John 5mo ago

Those three (router.bittorrent.com, dht.transmissionbt.com, dht.libtorrent.org) are convenience helpers baked into popular clients.

The DHT spec allows any UDP host to act as a router node, and they already do (uTorrent, qBittorrent, Aria2, PicoTorrent, etc.)

Byzantine 5mo ago

does pubkey have a baked in router helper?

Tekkadan, ゲロゲロ! 🐸 5mo ago

Uhh yeah this is my question too

Mike Dilger ☑️ 5mo ago

To be clear, you can use ANY NODE and it will work. And there are gazillions of nodes. But you still need to get started somehow. I don't think anybody could design a better system. But yes it has baked in starting points. see DEFAULT_BOOTSTRAP_NODES

https://docs.rs/mainline/latest/src/mainline/rpc.rs.html

My point was only that this is censorable, that EVERYTHING is censorable in this sense, and that nostr is just as censorship-resistant in this sense. Not trying to say the DHT isn't good.... it is great.

Mike Dilger ☑️ 5mo ago

My point was that if you don't have a node list, you can't get one without going to these "convenience nodes". Take down these nodes and new people who have no other way of finding a node can't get anywhere.

This is IMHO the same problem nostr has, except nostr has the problem right now because it has no "convenience nodes".

Garbage nsec 5mo ago

>The bittorrent DHT may not be subject to sybil attacks, but it only has 3 (AFAICT) public well-known on-ramps. Take those three down and people who don't already have a node list can't get on

To be fair to PKARR it directly addresses the problem of limited bootstrapping mechanisms, like that's the whole idea.

Mike Dilger ☑️ 5mo ago

IF you don't know about any nodes (because you are a brand new user), AND you can't access these three hardcoded one, THEN you are fucked.

No I'm not saying that anybody could ever do better than that. Even in theory I don't think you can do better than that.

What I *AM* saying is that nostr is on the same order of uncensorability as this is. That is, IF you don't know about any relays (because you are a brand new user) THEN you are fucked.

Big Bad John 5mo ago

Mainline has many bootstrap vectors, the three famous domains are convenience, not single points of failure.

PKARR provides signed, multi-endpoint records. Nostr relies on trusting third-party relays to actually store and serve your events.

Pubky’s protocol & apps are already open, the polished new app will open once it exists.

So your claims that PKARR “isn’t more censorship-resistant” or “isn’t really open” are disproven.

Thanks for playing.

Mike Dilger ☑️ 5mo ago

Nostr has many bootstrap relays, the famous purplepag.es is competely unnecessary, not a single point of failure. From any relay through the data you can find many other relays, and from there the relay lists of anybody you want. It is a self healing network too.

Nostr provides signed, multi-endpoint relay lists. DHT relies on trusting third-party nodes for routing and data storaget serve your records.

Nostr's protocol and apps are already open.

I'm not saying pkarr is different than you imagine. I'm saying nostr is different than you imagine. And that they have similar levels of censorability.

Game isn't over.

Big Bad John 5mo ago

You forgot to admit being wrong about Pubky open source.

Garbage nsec 5mo ago 💬 1

Ah okay, I get your angle now, fair. I dunno though, would someone ever have an interest in Nostr or Pubky and not know someone on the inside? How would you even come to know of the existence of either if you didn't have a contact? I guess from a blog or article something, but still seems pretty rare to come to a social protocol not via social means, and therefore have an agent of sorts.

Even if you don't know anyone, you can run a local network in your town, and it only takes one node to find a node from the mainline big network, for everyone to be entangled in one big network... tell me this is not different from how nostr clients discover relays :)

Come on man, yes Nostr can become a DHT, a small one, but it isn't, not even close, it is not behaving that way and paid relays (the only sustainable ones) have no (almost negative) incentive in losing their advantage as the scarce common well known relays

Garbage nsec 5mo ago 💬 1

You're making a lot of good points in this thread.

Also if I was Darth Vader and Nostr was the Republic's social network of choice then the absolute first thing I would do would be to setup a free and highly performant Nostr relay and boost the heck out of it. And I'd do it early too.

Same dynamic exists in Pkarr because relays. The difference is that Pkarr queries the DHT and relays in parallel by default and will always do so, because why not. So a relay used by everyone is very unlikely to be a single point of failure... because the parallel query to the DHT is not expensive.

Even if you are in browser, if only one of the relays you are using in parallel is honest and publishes to and read from the DHT, then no matter how small and obscure it is, it is still bypassing the malicious relays.

It is just too hard to censor.

ynniv 5mo ago 💬 1

You can block Mainline DHT access, which prevents you from participating at all. On the other hand, unless you can stop people from signing data, they could publish events to nostr by writing a letter.

One of these things is not like the other

Big Bad John 5mo ago

You are glorifying signing data and asking servers to host it, many less than those on Mainline.

There are millions of nodes that support the bep we use in Mainline.

Lots of people in China using Mainline?

You think data submitted to the DHT is not signed and can be shared by sms too? Why are you still trying to push this false dichotomy?

ynniv 5mo ago 💬 1

Huh? How do you publish or read pubky without access to Mainline? Also, pubky content is unsigned on your "home server". Pretty sure only your IP address is published to the DHT. These are two separate problems with the protocol

It's not my job to prove or disprove anything about pubky or to try and fix it.

But I know that you can publish messages to nostr using nothing more than a photograph of text with a timestamp, presumed identity, and signature block, because I actually did that

You are confusing so many things. Read BEP0044 if you are interested. You can post signed arbitrary data to ~20 nodes in the DHT and people can read them later.

This has nothing to do with pubky. This has existed for more than a decade.

This same signed data can be sent in anyway that nostr events can, nostr events are not special in that way. But the data that follow BEP0044 are special because they have that extra ability.

And by the way. Tons of nodes in China, don't take my word for it, run a node and crawl the dht and see how many nodes will have China ip addresses.

Mainline is there. You can use it, or not, but at least know reality if you are invested enough in the topic to keep replying by this false dichotomy.

I'm not invested enough to wander around pubky telling people not to use it. I am invested enough to defend what's valuable about nostr when people throw unsupported arguments around

Big Bad John 5mo ago

I dunno, i am starting to think you are just some guy with a qr code fetish :)

I think you just want people to join your club. Maybe make something people want 🤷

Big Bad John 5mo ago

Not even joking, we have a very cool qr-related project for pkarr coming up, youre gonna orgasm once we can demo it

I look forward to enjoying your demo so completely

Mike Dilger ☑️ 5mo ago

I like your point. But we cannot compare the data half of nostr with the resolution half of pubky. Nostr strictly-speaking is the client-relay protocol, which can also be blocked. Pubky identities could also sign data and send them around with paper airplanes if they get blocked in China.

If I were on a mountain in Tibet with a 30 year old laptop, I could write a spicy political message. A photographer could take a picture of me with my laptop in the background displaying a QR code, and publish it in a book. If anyone who saw that book scanned the QR code and recognized that it was nostr data, re-encoded, and published it to a relay, it would be 100% indistinguishable from me using nostr on the latest iPhone from a Starbucks in New York. And anyone who knew my pubkey would know that this content was precisely what I had written.

An interactive, DHT based protocol will never be this censorship resistant

Yes, nostr has a relay portion, but it's only an optimization over the data portion. You can "use" nostr without relays if you need to

Big Bad John 5mo ago

All of Pubky protocol, and all live apps with users, are already open-sourced. Please stop looking for lazy ways to discredit us.

The Pubky-app repo is the app used in the beta test.

Franky is a new app under construction that will also be open-sourced when it works.

We published our own research, and method, on Mainline censorship resistance.

Nostr does not even come close to what pkarr provides, and the same holds true for our indexer and ssg method.

https://medium.com/pubky/mainline-dht-censorship-explained-b62763db39cb

Big Bad John 5mo ago

Also what the hell is wrong with believing you I am smart?!

You don't think you smart?

You can't see that some people are dumber than you?

Like, cmon. It's just self-awareness.

Mike Dilger ☑️ 5mo ago

You are an ass to people that you think are dumb. I don't like that, they can't help what the are, I prefer to humbly educate and explain and be suprised that people aren't as dumb as I might at first think. So I reserve the right to be an ass to you about it. Although I really haven't been an ass to you, I just made one snide remark.

Big Bad John 5mo ago

Your whole post was a retaliation, just like most people here. And like them it warped you into equivocating and even lying by mistake.

I am not mean to people because they are dumb, i am candid because they are ignorant, and deluded, and i dont have time to humor the qty of people that wished i didnt say the things i do.

I cant know how smart these people are, but i can judge how genuine they are pretty easily.

I am sorry if my style offends anyone, but times are retarded and I have shit to say.