Nostr Web Client

The big why behind Blossom

Laeserin, IMO the short answer here is that Blossom is about resiliency. Dead simple, pragmatic "Universal" resource addressing with viral replication and easy fallback trumps features and flexibility (i.e. not NIP-96, certainly not IPFS).

Stop here if you don't care about the details (you have been warned). I'm verbose, I’m not AI, and it’s not my problem if certain anons have an attention span of 280 characters.

(...)

Still here? Good.

==============

The long version

==============

Illustrative use case: Anon wants to upload their favourite meme to Nostr.

Simplified flow:

1. Anon uploads their media to a Blossom server (PUT /upload), gets a universally addressable hash at the root of the server (GET anonsblossomserver.xyz/{sha256}.png).

2. Anon can also optionally mirror (or configure their client to mirror by default) to as many other Blossom servers as they wish. For instance, Anon sets their Nostr client to mirror to blossom.band and blossom.primal.net, so from here on they can retrieve a copy of their media from blossom.band/{sha256}.png or blossom.primal.net/{sha256}.png.

3. Anon then posts a kind 1 note referencing anonsblossomserver.xyz/{sha256}.png.

4. Nostr clients, even those that don’t know anything about Blossom, try to retrieve the resource from the link. The resource is there, the server is up; happy days, the client just retrieved Anon’s meme over HTTP.

Now assume that, in a joint effort, the Ministry of Truth and Ministry of Love decide that anonsblossomserver.xyz is not doing proper age verification with government IDs and biometrics, so they take the domain down.

At the same time, in this alternative reality, nostr:nprofile1qqsglv2qkn5dmmuhee9cy8fywfu2rfp4xd3xy0myqg2gfvmjl9yqqrqpp4mhxue69uhkummn9ekx7mqpzemhxue69uhhyetvv9ujumn0wd68ytnzv9hxgqgkwaehxw309aex2mrp0yh8qunfd4skctnwv46qye8cpd goes evil and decides that non-Blossom stuff is so much better than Blossom that they will make blossom.band incompatible to focus on their other tool, notreallyblossom.band, with several cool not-Blossom features, Microsoft vs Netscape style.

So now anonsblossomserver.xyz/{sha256}.png returns 404 and blossom.band/{sha256}.png returns The Fishcake's favourite photo of a dog telling you to pay to retrieve your image from notreallyblossom.band/path/{notReallyTheOriginalSha256}.png, serving a slightly compressed photo of a dog with a watermark (sorry for making you the evil villain of the story here, The Fishcake; I hope you forgive me).

Nostr clients that are Blossom-aware can now fall back to other Blossom servers:

1. The client finds out that anonsblossomserver.xyz/{sha256}.png is broken.

2. Instead of giving up, it retrieves Anon’s kind 10063, which contains a list of their favourite Blossom servers.

3. The client then tries to download {sha256}.png from each server in the list until it finds one that works. It can even detect The Fishcake’s evil version of the attack by hashing the blob and verifying that it doesn’t match the hash in the original URL. It then proceeds to retrieve media from blossom.primal.net, finds it, and all is well.

Now let’s assume that blossom.primal.net is also down, but other anons have mirrored the media to other popular blissim servers like supeuperdupperblossom.ch. Clients can even fall back to a list of popular servers, ask each server if they have a copy of the media (/HEAD {sha256}.png), and, if they do, download it from there.

There’s of course a bit more to it, with optional endpoints around media optimisation, listing images for a certain npub, reporting bad stuff, paying to host, retrieving metadata, etc. But the core functionality is basically what I stated above.

Hopefully this is helpful.

nostr:nprofile1qqszv6q4uryjzr06xfxxew34wwc5hmjfmfpqn229d72gfegsdn2q3fgpzfmhxue69uhkummnw3e82efwvdhk6tcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszythwden5te0dehhxarj9emkjmn99urf278z, I'm thinking about putting together a "Why Blossom" presentation/domain like Fiatjaf did for the Outbox model. What do you think?

#Blossom #TheBigWhy #GrowNostr #NonCanonical #ShowBeALongFormArticle #ButItWontBecauseImLazy

Laeserin 🇻🇦 4mo ago 💬 2

Hmm... The way I'm actually living it, is that the file uploaders on more and more clients now upload my stuff to Primal or Band, instead of to Build or Sovbit (both of which I pay for and strongly prefer over the other two).

I can only get away from their datenkraken by using Jumble's file-uploader or manually uploading to Build or Sovbit, and then copy-pasting in the URL. And then they grab everything, anyway, and squirrel it away.

The Blossom servers are the Baddies, in my world.

If I had wanted them to hold a copy of my image, I would have given it to them.

Using Nostr is getting creepier and creepier. So many relays don't respect deletes. The developers almost all work for the same dude. AUTH isn't being implemented. The media servers act like stalkers...

Reply to this note

Please Login to reply.

Discussion

Niel Liesmons 4mo ago 💬 3

Community boundaries, and :90percent: of these issues go away.

Laeserin 🇻🇦 4mo ago 💬 1

I 💯 agree to your 90%. 😂

Niel Liesmons 4mo ago

As long as I :110percent: agree back to that, we should be good...

Riiiiiiiight :padme: ?

#badmath

Laeserin 🇻🇦 4mo ago 💬 1

Blossom is a media server, but make it that ex-boyfriend who can't take a hint and has his bedroom wall plastered with your Facebook vacation pics.

Niel Liesmons 4mo ago

Hahahaha #AUTHIM

Anthony Accioly 4mo ago 💬 5

Got it. I understand where "Blossom is the villain that allows others to distribute my content" comes from. IMO, this is Blossom’s main use case and strength; it’s built to do exactly this. So maybe it’s the wrong tool for the job if you have media that you, for whatever reason, want to make publicly available but don’t want others to distribute?

I mean, yeah, to soften my previous statement a bit, there are certain Blossom features around AUTH, paywalling, etc. Blossom is certainly less opinionated than I am. But honestly, if your use case requires making something publicly accessible without allowing folks to easily replicate or distribute it, there are better ways than Blossom to do this. We live in a world where DRM can be “the good guy” depending on who you ask.

If I was building, say, the next Internet Archive or tools for public distributed Git like nostr:nprofile1qqs2qzx779ted7af5rt04vzw3l2hpzfgtk0a2pw6t2plaz4d2734vngpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcppemhxue69uhkummn9ekx7mp0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7hycrvd, Blossom could be a great hammer. So my take here is: use Blossom where Blossom’s main strengths are a feature instead of a nuisance. Use NIP-96 or whatever else you want when that’s not the case.

As for clients allowing you to select where to initially upload things, this is slowly improving. Amethyst has allowed you to select your own Blossom server for ages. So does noStrudel, Nosotros, Primal, etc. If your favourite client doesn’t allow you to select your Blossom server, pester them to do it (or submit a PR 🤣).

Laeserin 🇻🇦 4mo ago 💬 2

Most people don't actually want their media distributed all over the place. This is a solution that is looking for a problem, IMO.

What users want, is more privacy and control of where their notes and media goes, not less.

Laeserin 🇻🇦 4mo ago 💬 3

I am in mutliple groups that are STILL stuck in Slack, SimpleX, Matrix, and Telegram, and that's where most of my convos are STILL happening.

I might just host a Jumble and hard-code it to some AUTH relays and be done with it.

Niel Liesmons 4mo ago 💬 2

Jumble is the web app baseline now, for sure!!

What dev kit is it using for Nostr stuff? Custom?

nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl

Laeserin 🇻🇦 4mo ago 💬 3

The only problem I have with Jumble is that the Amber QR code is now so densely-packed, that my crappy phone can't scan it, but I can fix that with a fork that just uses thecitadel for Nostrconnect or something.

Laeserin 🇻🇦 4mo ago 💬 2

Just rented https://interstella.de for my pet projects. 😂

I love the Jumble UX. Just gonna tailor it a bit, for me and my frens, and run it with an AUTH Orly as one of the default relays, along with the GitCitadel ones. And add a Discussions tab hard-coded to the Orly, with kind 11. And add Kind 24 to the notifications. And...

Niel Liesmons 4mo ago 💬 1

Please continue... 😉

I'm way too curious where you end up spec/architecture wise if you play this out!

Niel Liesmons 4mo ago 💬 1

As in, if you only have the relay as the ID:

How do apps know you're handling the content types you do?

Laeserin 🇻🇦 4mo ago 💬 2

I have no idea. 😂

I just want something for me and my frens to use.

Niel Liesmons 4mo ago 💬 2

Same!

Would you mind testing sending a message with this thing I'm building for my frens, btw?

https://github.com/NielLiesmons/zapchat/releases/tag/test

Only that tho, the rest I'm obviously still building (or adding back in).

Laeserin 🇻🇦 4mo ago

Yeah, sure.

Laeserin 🇻🇦 4mo ago 💬 3

PASS

Find this color scheme oddly soothing, but greener would be better.

Niel Liesmons 4mo ago

Noted :writinghand:

Add #forest colooooors

Niel Liesmons 4mo ago 💬 1

Your profile color / hue is already green 💹

Laeserin 🇻🇦 4mo ago 💬 1

Yeah, but it could be surrounded by green. You can always have more green.

Niel Liesmons 4mo ago

I'll be overwriting the whole default color set I made with tints of the accent you select.

Easy. Is set up for it.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago 💬 1

it looks similar to the classic solarized light scheme that you can find in many theme systems. it resembles old school paper :)

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago 💬 1

my personal favourite is called "material oceanic" and it's a forest green, slightly blue, with teal accent and slightly off-white text. on GTK3/Gnome3 it was a theme called Adapta Nokto

as much as i can, i keep my entire desktop in this theme. it is soothing to me somehow.

Laeserin 🇻🇦 4mo ago 💬 1

I love Oceanic Next.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago 💬 1

yeah that one is more green than neutral though

haha i mean, it's kinda funny, i have been using this green based color scheme since like 2017... 8 years lol, omg. i'm such an old fart.

Laeserin 🇻🇦 4mo ago

I just spent an hour sitting on a bench at the graveyard, chatting with all of the senior citizens.

Same, bro.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago

i probably will sit down and write a paper on the subject of how relays solve the problems of privacy, asynchronous messaging and synchronous messaging in the context of the modern internet soon. at this rate.

i pulled a number of 10% out of my ass for the proportion of nostr users that need to run relays in order for the network to achieve the ability to be reliable, async, and private all at the same time in different subprotocols. i'm betting there's some DST formula that precisely expresses it, based on a network that is largely outbound only.

anyway, i'm running one, this is why i got a bug up my ass about building a relay.

Laeserin 🇻🇦 4mo ago 💬 1

Oh noes, that domain is taken. 😭

That was such a perfect domain.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago 💬 1

there is a lot of 4-6 letter TLDs that might work neat with interstella - something. interstella.bank interstella.wtf interstella.agent interstella.club

Laeserin 🇻🇦 4mo ago 💬 1

Yeah, but the .de addresses are included with my new webserver.

Laeserin 🇻🇦 4mo ago 💬 1

Instrstella.de 😂

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago 💬 1

instresting

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago

http://interstella.de/

it's not even got HTTPS on the server lol... probably wouldn't be expensive to buy off these squatters but maybe not so cheap either.

idsera 4mo ago 💬 1

You can click on qrcode so will open nostr:npub1am3ermkr250dywukzqnaug64cred3x5jht6f3kdhfp3h0rgtjlpqecxrv7

Laeserin 🇻🇦 4mo ago

I mean, when I'm on my laptop. I thought it was just me, but nostr:npub1wqfzz2p880wq0tumuae9lfwyhs8uz35xd0kr34zrvrwyh3kvrzuskcqsyn has the same problem.

Cody 4mo ago

I’ll try to optimize it.

Cody 4mo ago

https://github.com/nbd-wtf/nostr-tools

Niel Liesmons 4mo ago 💬 4

I need a typescript-dev-who-is-excited-about-communities collab 😉

nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr nostr:npub107jk7htfv243u0x5ynn43scq9wrxtaasmrwwa8lfu2ydwag6cx2quqncxg nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl nostr:nprofile1qy28wumn8ghj7un9d3shjtnyv9kh2uewd9hszrthwden5te0dehhxtnvdakqqgxxvqas78x0a339m8qgkaf7fam5atmarne8dy3rzfd4l4x6w2qpncu09muc

Anthony Accioly 4mo ago 💬 2

Just adding nostr:nprofile1qqsy40y0zl3suj0gh9sw4qs3elxxgjxvjz9hg8nlnqvlqehjwfrssjqpz4mhxue69uhkummnw3ezummcw3ezuer9wchszrnhwden5te0dehhxtnvdakz7qg4waehxw309aex2mrp0yhxgctdw4eju6t09u979cgl to the mix at well. He is doing a lot of cryptography related stuff on Nostr but he is one of the good ones with lots of Frontend experience as well.

Niel Liesmons 4mo ago

What Frontt end?

#flutter crew? 🙏

Anthony Accioly 4mo ago 💬 2

Doxxing myself here but we used to work together a good decade or so ago when jQuery was the present, Reactive, Redux and Sass where all considered "the future", and folks were still excited about "Adobe Flex" for RIA. No idea about what he's doing nowadays or if it includes Flutter, Dart, etc. But he knows his JavaScript / TypeScript and is very passionate about Nostr in general.

Niel Liesmons 4mo ago

✍️ Noted

Anjhc 4mo ago

I'm using a lot of react and react native right now. Let me know if I can fit in.

Cody 4mo ago

I love the idea of relays as communities. Next, I’ll keep focusing on relay discovery, then wait for a NIP-86 relay implementation with a management dashboard, and for some great community operators to start running their own relays.

trev 4mo ago

Would love for this to come to fruition. Ironically, I think it will need a meta community to get off the ground. Kind of a federation of community/topic specific relays under a single domain.

nostr:nevent1qvzqqqqqqypzps66avdq3cr59kd6yq0vtjd2lvsh4m540y5vhrz6m3gnu804d66sqyg8wumn8ghj7mn0wd68ytnddakj7qghwaehxw309aex2mrp0yh8qunfd4skctnwv46z7qpqrdup525ypfn4mqz8cleu92vv0saxfnh9msayh770ue6kp07lkzdq2uqmh2

hzrd149 4mo ago

This thread is too long for me to catch up on but I am interested in building community apps. I'm limited to building small apps since I already have too many projects

I have a bunch of ideas (like everyone) but I'm distracted by building out applesauce. maybe once its "complete" (almost there) I will put more time to apps

verbiricha 4mo ago

i'm excited but i have lots of things to fix in nostr:npub1gm7gw8q6akeft2pjt270we35vlff0v9g2fene6cxkz2h68q5hl6qls0fte and have to finish implementing NIP-29, as well as spec-ing and implementing interoperable unread count sync. hands full rn.

Anthony Accioly 4mo ago

Fair take. I'm not trying to convince you otherwise or make you like Blossom.

Blossom is a tool. It has a purpose. And it’s not meant to be a universal solution for all media problems. That said, I just gave you two problems in the “Other Stuff” space which, IMO, Blossom can solve quite well in the post above. I also think it’s a good solution for sharing memes on Nostr.

I'm not minimising the fact that most folks don’t want their personal photos, etc., floating around. But… honestly, maybe don’t post them on social media to begin with? Not being dismissive of privacy concerns (on the contrary) but IMO, people should assume that everything they post will be replicated, stored, and used (with or without attribution) for all sorts of good and bad purposes outside of their control as soon as it’s posted anywhere. Somewhere at Meta, some scraper is downloading and feeding this content to their AIs. Social media is… social by definition.

I don't know if there are provisions or plans for something like NIP-70 (Protected events) or other sorts of privacy-related measures targeting Blossom (@npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr is in a better place to answer this). It doesn’t seem too hard to implement, but just like NIP-70, IMO, I wouldn’t trust it as more than a social contract and default library behaviour.

daniele 4mo ago

> What users want, is more privacy and control of where their notes and media goes, not less.

This is true.

I was explaining Nostr to a friend and this was the first thing he asked me.

For now we are still tuning the public space, private groups will follow.

hzrd149 4mo ago

> Most people don't actually want their media distributed all over the place. This is a solution that is looking for a problem, IMO.

Great discussion going on here. ill just jump in here and say that Blossom isn't designed to be a solution to everything, just as nostr isn't.

Its a solution for sharing and distributing "small" files publicly. for "large" files torrents are probably the best, and for private or personal files then traditional servers with access control and internal ids are probably the best

Initially my motivation for blossom wasn't to fix everything, just to finally realize the promise that IPFS failed to deliver on. which was hash addressable small files

Niel Liesmons 4mo ago

Good take. For #communikeys I find blossom absolutely awesome.

Because I allow people to target their publications to MULTIPLE communities (publication houses), I can just include the hash in their publication from Zapchat and each targeted community can just store their own copy of the media file.

When then someone comes across this targeted publications, the app logic on Zapchat's side is relatively simple because the first fallback I go look for are the servers of the targeted communities.

Imo, the community server angle is underappreciated in this discussion.

And putting media server responsibility by default in the hands of the individual user is as dumb as it is for relay management (#outbox).

Anthony Accioly 4mo ago 💬 1

Looking forward for it. I honestly thing that Nostr needs more of what CommunityKeys, NIP-29, etc are trying to do. Is there an easy way to join a public CommunityKeys server for now. I'm experimenting around creating dev communities where I can invite friends at the moment.

Niel Liesmons 4mo ago 💬 3

Yes: https://chachi.chat/c/660d8c78651f70487ec9b8ddc283e29cf2561693dda3ba246d3fd3c08dbb7083

And I'll send you a very first Zapchat APK to join that same exact #communikey later today or monday.

You android?

Niel Liesmons 4mo ago

Tbh, I'm only switching my communities to my own servers once I have my Badges access controls built in Zapchat;

Anthony Accioly 4mo ago

Joining. And yes, I'm on Android. Many thanks.

Anthony Accioly 4mo ago 💬 6

I'm still stuck with NIP-46 when logging in to ChaChi. Any known workarounds other than installing a browser extension or pasting my nsec directly?

Niel Liesmons 4mo ago

You can try this B.E.T.A. here:

https://github.com/NielLiesmons/zapchat/releases/tag/test

Who knows, it might already beat nostr:npub107jk7htfv243u0x5ynn43scq9wrxtaasmrwwa8lfu2ydwag6cx2quqncxg on that front. #slayyourheroes

Anthony Accioly 4mo ago 💬 3

Samsung's / Android department of Truth is giving me a hard time to install this one. I'll try to play with it later today (we live in a time where its sometimes easier than build from source than sideload an app lol).

Niel Liesmons 4mo ago

Ow damn, yes I probably need to have a domain that works for their verification stuff.

Will check what I can do.

Graphenes don't have the issue.

Anthony Accioly 4mo ago 💬 2

Walled Gardens everywhere 🤣. Great minds think alike. By 'later today" I meant once I get home and grab my Graphene flashed phone :). It used to be my "Nostr phone" but I ended up installing Nostr sruff on my daily driver as well. Unfortunately some of my clients limits their authenticator to a list of "normie", unflashed, non-rooted phones with dev mode disabled (don't ask), so I have to deal with the Ministry of Truth to have a roof over my head :).

Niel Liesmons 4mo ago

I just entered APK permission land for you haha. Learning, please wait...

Anthony Accioly 4mo ago

Sad, sad place unfortunately. Don't worry about me; I'll bypass it soon. But yeah, this and "Get it Published on Android store" land is sadly part of mobile development. As much as I love Zapstore, F-Droid, Obtanium, etc, it's hard to escape walled gardens.

Zaplab 4mo ago

You are in!

Good to see that at least that already kinda works for you.

Making everything snappier and adding notifications next week.

Already fixed quite some bugs we found.

Keyhan Alizadeh 4mo ago

🫣

verbiricha 4mo ago

oh i didn't know this, can you add a bit more detail to https://github.com/purrgrammer/chachi/issues/77 thanks!

Anthony Accioly 4mo ago 💬 2

Will do!

Niel Liesmons 4mo ago

Quickly pasting this link you asked for here since I have it open: https://wikistr.com/nip-communikey*a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be/nip-communikey*a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be

Anthony Accioly 4mo ago

Danke schön!

Anthony Accioly 4mo ago

Done. I'll try with nak later today :).

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 4mo ago

orly deletes. orly doesn't send your DMs to randos by request or on subscription. lol.

yeah, it's creepy alright, now that you point it out. like they are maybe somewhere in the process getting paid for this aggregation of the grumpy cats of the internet.