also, it's worth pointing out that with the hemorrhaging of userbase like this all those fancy pants are gonna be extra shamed out of this because they had plenty of time to make the system more resilient
Discussion
Theduck said he hoped it wasn't too disruptive. I was just offering some input on how to, perhaps, be less so, if that was a truthful statement. That's all.
yeah, it was disruptive, but he says he not replyguy, i only even saw one of this dumb things, didn't seem that big a deal to me, just some nutter
i mean, honestly, the replyguy notes are easy to recognise, all of them have the URL of the relay they were posted to at the end of them...
i think that replyguy actually has highlighted the fact that the majority of nostr client devs don't have basic programming skills like writing regexp
Why is this on the client devs and not relay operators?
Seriously, no client dev should be writing specific spam regex.
outbox model is client side, it's key to decentralization as well
write permission for relays is a separate thing, that's to conserve their resources
for example, and why i currently am not using coracle, it reads from relays in my follows lists, of which many of them include the relays targeted by replyguy, damus and primal being the two i see most often
why should it be reading from relays that aren't in my relay list, of events that are not of my follows, or my follows follows?
the default posture should be conservative for this client behaviour, so this is an example of how client devs need to take part in it
nostrudel is the best for fully implementing outbox model, IMO, though gossip and coracle both are not terrible
regex is too complicated and if not properly done, without following the basic foundation of programming, it can be a disaster: a) audit and continuity b) could open to a can of vulnerability. 🙈😬
if it is true, those clients are f*cked! 😬 or we are f*cked too 🙈 I have been asking if anyone has done red teaming (pentest) on nostr. 🤞🤞🤞Any takers from our anon friendly white hats? ☺️