Can people stop doing this shit please?!
If you want to “help the network” get in touch with a dev and organize a test with their collaboration.
Indiscriminately carpet bombing the network isn’t helpful.
nostr:note1e6uu78anc5humuyu97t8j7euw4pw8x9usjyx2uz70f975c2twp6qq7ctpa
I think this is where I'm largely landing on the issue.
The Venn diagram of technical capability and intelligence doesn't necessarily overlap very much.
Some people just want to watch the world burn
The devs should be organizing these tests themselves. Tests like this should be running all day, every day, fully-automated on a build server.
Load tests, penetration tests, interoperability tests, speed tests, regression tests...
Can't set up a communications protocol and then skip testing the communication layer and just spend all day on custom emojis and trendlists.
Along with all the other things people are asking for… most nostr devs are one person shows. There is no build server. There are few automated tests. Things are still changing too fast for that stuff imo.
I have alternative facts.
Maybe Nostr needs more teams and fewer lone wolves.
It'll get there eventually...
I wish I had help. Lol so many of the tools that exist are just not up to snuff and I can't rely on them to build what's I need. So I'm building it all.
I suspect we'd have more luck forming teams, if the people forming the teams aren't devs. Devs always think, "I'll just build it all, myself." Someone who needs help building, will look for help.
Yeah a lot of devs don't naturally have product owner/project manager skills. Collaboration requires the product owner to precisely define the work to be done, to delegate it, and to validate the results. This can be done with project teams or it can be crowd-sourced via bounties/contract work.
Part of the problem is related to funding. Projects that have a lot of funding should set some of it aside towards bringing on extra devs for collaboration (and some are, Damus and Amethyst both allocated some of their grant funds towards expanding their teams or paying out bounties). However, when a project is only funded enough for one dev working on it full time, there's not going to be any cash left over to support additional contributors.
Yup. 100% true, it will come.
Patience…🙏
Start with the assumption that they’re NOT doing to be helpful and fortify against it. Whining accomplishes nothing.
Fair. However, the work to create problems vs “fortify” against them is tremendously asymmetric.
The more important point here is that no matter what the motivation, these sorts of attacks are unlikely to lead to a more resilient protocol at this stage.
Ok but it’s happening so now what? When has asking a bully or attacker to stop worked when the thing they enjoy is the power their actions give them over you? I’m not directing this at you specifically, but I’ve seen a LOT of whining from multiple devs over this. It’s annoying I’m sure, and so being annoyed by it is fair. But now what? Complain and hope they stop? Again, not directed at you individually. If it’s as big a problem as it is made out to be, then what is the next step to fix it? Surely it’s not to simply wish the person would stop.
I hear you (and no personal offense taken). What often happens with this sort of thing is that devs will mostly just throw in hacky fixes (like hardcoding pubkeys or names) instead of coming up with real thoughtful solutions. 🤷♂️
Maybe run it once, just to make sure it works, then contact the devs and say: here's my exploit. Please fix it. I'll disclose it on github in 90 days. (that's what researchers do with major comercial software, afaik)
Definitely not leave it running full blast for weeks on end without saying a damn thing, and going out of your way to subvert countermeasures.
