I reduced the relays I read and write from/to heavily a few weeks ago

It started to look like I was writing into the void and I started missing a ton of DMs (I only know because some people told me)

we still have a long way to make this thing decentralized

I guess I'll cave and add the popular relays again...

#outbox


Discussion

You either need to host your own (temporary?) relay bouncer for this.

Yeah, I don't think it's even close to being "there yet" while there isn't an algorithm, there are people who I follow that I don't see regularly... I actually have to bookmark them to get to their profile, because when I search they don't come up.

all clients except Snort, Coracle and Yana are LARPing, many users don't even have a 10002. Most are connecting to a bunch of well known relays, even malicious ones. It's especially bad if a client runs its own relay since they don't care or need to care about decentralization. Some client devs even openly discourage people from using other clients. Sad.

wow, what clients discourage people from using other clients??

yeah, we still have a lot of work to do.

Just saying "fuck it, I'll hardcode my relay" is too attractive (which is largely why I started working on ndk)

What are the malicious relays you mention? 🤔

I’m guessing he’s sub-posting me because I’ve said this in the past. I have to deal with hundreds of complaints about other clients nuking contact lists. So I have said “if you use another client it may corrupt your contact list”.

Once damus is better at defending against other clients breaking stuff in damus then I wouldn’t have to say this. But it would require some decent amount of code to detect large changes in followers, etc. I’ll do it eventually but it’s a lot of work.

I have already seen malicious relays (but more likely just buggy relays) that will return results that don’t match your filters. In the outbox model you’re giving control of what relays you connect to other people. Until my client is hardened I don’t feel comfortable doing that. But the local relay model I’m working on fixes a lot of these concerns, so I’ll finally be able to switch to outbox once that’s done.

this is good and necessary imo; clients need to be hardened against malicious relays

yes, outbox makes this slightly worse, but if a user manually connects to a malicious relay that buffer-overflows the client and leaks the nsec or something like that it'd be equally bad whether the connection to the relay started automatically or manually

great to see damus is moving in this direction

btw, don't know if you saw it, but nostur does this where it keeps a local copy of the contact list and if a "large" change is detected it prompts you to republish your old state

Yes nostur is doing the right thing here, a lot of this stuff is easier with a local database which is why he was smart to start with that. I’m playing catchup… and decided to write my own db from scratch for some reason 😅 but I think the results will be worth it

yeah, pretty sure the results of nostrdb will be massive and very much worth the investment

https://github.com/damus-io/damus/issues/1855

In addition to contact lists, there are issues with third party clients breaking relays.

NIP-65 is almost a year old at this point. kind 3 relays was never part of the spec, it is a "crappy legacy from branle".

https://void.cat/d/PmDYJppUMPGLPAZVW8RmxS.webp

it'll take some doing to fix this problem, it would help if we could establish which clients are doing what events that make these changes

So, as users, not only must we learn how to practice safe "nsec", but where to safely "relay" too... 😂

(Pun yourself 😛)

> In the outbox model you’re giving control of what relays you connect to other people. Until my client is hardened I don’t feel comfortable doing that.

As far as I understand it, it only tells your client what relays to fetch another user’s posts from, you’re not adding those relays as a permanent part of your own relay list. So what would be the dangers?

You need to connect to fetch the notes, so yeah, you need to not be vulnerable to a relay giving you a payload that would compromise your client.

That said, you would still need to not be vulnerable to a malicious payload even if the user manually enters the relay URL

Thank you for clarifying. We all know you take this seriously.

Relays that respond with wrong events for filters, invalid signatures or use NIP-42 for surveillance and not access control.
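The relay misbehaviour discussed in this thread (events that do not match the subscription filters, or whose contents were altered) can be caught client-side before anything is stored or rendered. The sketch below is an added example, not code from Damus, ndk or any other client mentioned here; the function names and sample values are hypothetical, and the Schnorr signature check is left to a secp256k1 library.

```python
import hashlib
import json

def event_id(ev):
    """Recompute the NIP-01 id: sha256 of [0,pubkey,created_at,kind,tags,content]."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def matches_filter(ev, flt):
    """NIP-01 filter semantics: every condition present in the filter must hold."""
    if "ids" in flt and ev["id"] not in flt["ids"]:
        return False
    if "authors" in flt and ev["pubkey"] not in flt["authors"]:
        return False
    if "kinds" in flt and ev["kind"] not in flt["kinds"]:
        return False
    if "since" in flt and ev["created_at"] < flt["since"]:
        return False
    if "until" in flt and ev["created_at"] > flt["until"]:
        return False
    for key, wanted in flt.items():
        if len(key) == 2 and key[0] == "#":  # tag filters such as "#e" or "#p"
            have = {t[1] for t in ev["tags"] if len(t) >= 2 and t[0] == key[1]}
            if have.isdisjoint(wanted):
                return False
    return True

def check_relay_event(ev, filters):
    """Return None if the event is acceptable, else a reason to drop it."""
    try:
        if event_id(ev) != ev["id"]:
            return "id mismatch"  # content or metadata altered after hashing
        if not any(matches_filter(ev, f) for f in filters):
            return "filter mismatch"  # relay sent something we never asked for
    except (KeyError, TypeError, IndexError):
        return "malformed"
    return None  # the Schnorr signature over ev["id"] must still be verified

# Constructed sample data (not real keys or events).
ALICE, MALLORY = "a" * 64, "b" * 64

def make_event(pubkey, content):
    ev = {"pubkey": pubkey, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": content}
    ev["id"] = event_id(ev)
    return ev

SUB = [{"authors": [ALICE], "kinds": [1]}]  # hypothetical subscription
```
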

People often say “nostr is nip1 other is optional” and because of that even always dance around “websockets are cool we CAN’T have HTTP its NOT NOSTR !!1”

So what the hell is 10002 and why should anyone implement this nonnostr stuff?

I keep waiting for relay hints to start appearing in e tags but they never do. Same with DMs, I simply can't DM certain people because their client doesn't look in the right place. This is probably the most important thing to fix on nostr.

https://github.com/damus-io/damus/issues/1147 patches and PRs welcome 🙏

All clients just need to start with the same large relays already set. Like relayable and purplerelay then let users add their own. But if we can standardize a core set of relays at least the DM will get populated.

When I read the design for nostr, I immediately suspected this would happen, because there is no message distribution architecture or algorithm.

The risk is that you wind up with a few big tech giants owning all the actually useful relays.

On the other hand, if you took the approach I would have taken, thought about that problem and designed a scalable solution, nostr would not exist, but would be endlessly being worked on

That’s the tension with these systems. I think we will do better but these things need to be called out and tested so we know we need to work on them more

If most people used clients that support NIP-65/Gossip, that problem shouldn't exist. As far as I know, nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 still doesn't utilize NIP-65, and it's the most popular Nostr client. nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s thoughts?

Yup, that’s the kind of thing I wanted to point out. Wrt Damus jb mentioned he’ll add outbox model support

It's hard not to get annoyed by this for sure. I always have to re-add the damus relay or all of my iOS friends just drop out of my nostr experience.

I also brought up that quoted posts don't notify me, and Will actually noticed me asking for it and implemented it in some way that only works in damus 😭

So, here I am getting dunked on by quote posts all the time probably and I don't even know.. and adding the damus relay that I don't want to use..

I have some hope left, but I also have this growing nagging feeling for a long time now that damus is not interested in collaborating. Why should they? They own all of nostr basically and soon will own android too. And it bothers me because I can see it breaking down and the NIPs system of collab may just have failed a while back or just been a non-starter beyond nip01..

Anyway, I hate talking like this so I usually stay silent, but I'll pile on here and just be like, wtf, does nostr want help growing from other devs or just some VC to own it all. If help is wanted, we need to agree on standards somehow.

(⁠ ⁠⚈̥̥̥̥̥́⁠⌢⁠⚈̥̥̥̥̥̀⁠)

If you think everything has to happen all at once then you do not understand the basic laws governing this existence. Nostr, Bitcoin etc. take time to grow, but when it hits that critical mass point . . . nothing stops it. Ever.

https://www.youtube.com/watch?v=v88gbtKBTv4

nostr:note19kdj9n360mnvckw9c48870576jffnx9ts379gs03q4cz0k7tdrms7ng52m

I seem to be missing a lot of notes to the point of thinking those people quit nostr. But when I check their profiles manually I see they are active. Something isn’t working.

True.

I thought it was only me! 😲