You can’t verify what backend code is running, you can compile and verify what code is running on damus ios and damus notedeck. No backend to trust. This is 101 stuff man.
Discussion
Even if you looked at backend source code it could still get hacked and swapped out. This is a real concern. If the caching relay started serving zap addresses that didn’t match profiles… you could be sending sats to hackers on all profiles. This can’t really happen on iOS due to how code signing works, ios verifies binary signature chains from apple and the developer.
Immutable container runtimes are becoming more and more prevalent.
It should be possible to build a cryptographically verifyable container for every commit on Github, then automtically deploy that container to an immutabl container runtime engine in such a way that the entire live production backend could be verified by users.
nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr can you have the devs chew on this? I think its in Primal's best interst to put this type of concern trolling to rest.
Immutable container runtimes sounds powerful, however I don't see how it can be proved/enforced. Do you have any pointers to how they work? nostr:nprofile1qqswlew3yr0ses5slf6gwflmgkkysl926drdfu3f82cxn68srlz3nqgpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq3samnwvaz7tmjv4kxz7fwwdhx7un59eek7cmfv9kqz8thwden5te0dehhxarj94c82c3wwajkcmr0wfjx2u3wdejhgve4fay do you know anything about this?
Well container images are by definition immutable since you know what hash you are running on, if you pair that with remote attestation you get crypographically provable environment which is also the fundamental part of confidential computing
1. Client code *can* forge posts and swap zap addresses.
2. Server code can augment the #Nostr experience in ways UI-only clients can't. This is why #Primal is winning.
3. Attestation for live server code is a real issue, but with primitives like runc/containerization, something like this is getting closer to being possible.
4. #Primal could rug their users using a rogue build on the server just like Damus could on the client. The reason these things don't happen is that the risk is destroying the project's reputation and the return is a paltry sum.
This is 101 stuff man.
note156x0nyw5wlthztyne4uaekvffu9hhmh7lhl5u3yskkvksvkavhxsmvp48h
Theres nothing primal is doing right now that can’t be done with a no-backend client.
The hack risk of your client trusting zap addresses from a trusted backend is too high, money could be sent to the wrong place, this would tank nostr’s credibility.
A centralized server has complete control over what you view, they have censored users on the past on trending.
They have complete control to manipulate follow counts to make people look more popular and others not, the counts don’t match up at all with other indexers.
The server can go down leading to the app not working, leading to people viewing nostr as unreliable.
The wallet is heavily kyc’d and doesn’t work in many places including where i live.
The system is very brittle, and is set to implode the second they run out of money, and can easily lead to a very easy to censor experience without much effort from governments and ISPs…
but hey, what do i know, im just a “butthurt dev”
Look, I'm trying not to embarrass you, but it's clear you don't know what you're talking about.
It's not 2000 anymore; servers have immutable, verifyable runtimes that can't be hacked the way you are talking about.
It is possible, just not common practice, to provide full attestation of server code so that users can verify (byte by byte) that build A is running in immutable container B.
note156x0nyw5wlthztyne4uaekvffu9hhmh7lhl5u3yskkvksvkavhxsmvp48h
Primal doesn't need your permission to make a full stack client.
They can and should provide end to end attestation, from source to live production instance, of their server code.
Users aren't locked in in any meaningful way. Easy on, easy off.
sorry, you have no clue. There is no such thing, even if there was, noone is running that tech. There is a 99.9999% chance most code is running on mutable architecture. Do you just make stuff up to sound like you know what you’re talking about?
At damus we run the closest thing to immutable architecture (nixos), but its always mutable, you can always run whatever you want once your’re in the machine, unless you have some custom crazy os and hardware like apple private ai.
It is completely possible and the fact that you can't be honest about that says a lot.
1. Containers are sealed and verifiable, cryptographically, down to the last byte.
2. Immutable container runtime engines exist. I haven't been in the scene for a few years, but both AWS and Google Cloud were experimenting with such things before I retired.
You're flailing.
Cool i will wait for this magical system to be in place where a client verifies attestations from a container, i dont see what this gains over certs and how the client would know what attestations are valid without trusting the server anyway.
Clearly you don't.
You sound like a jerk more than you sound helpful.
Did you “retire” or did you get fired for harassing the manager and telling him how bad of a job everyone was doing?
I'm not the one campaigning against a competing project using dishonest claims.
I don’t see your counter argument
It appears jb’s method would work - dumb relay, smart client. That’s what nostr is.
If you’re proposing a highly auditable smart relay, then I’m out. That’s btc cash or alt mentality. Plebs will run the network. It needs to scale. We aren’t going to run some new AWS-tech in our garages that you only barely heard about unless you can provide links and show evidence
we need gossip to scale and decentralize nostr too, plebs running nodes is the path forward. I really don’t even see how a single proprietary relay even works at scale, unless it’s just bluesky and twitter all over again.
You clearly weren't around since the beginning. Primal is to nostr what Coinbase is for Bitcoin. The dark side of the yin yang. the necessary evil universal balance requires.
I was, but I simply disagree with that characterization.
It's true that the purity group think has imagined #Primal to be some threat, but actual engineers can think through it and see: it's just a full stack client.
Codebase is actively hostile to user funds. I use #Primal every day; in what way am I being exploited or trapped?
You don't have to agree, which wont change my opinion, same as you don't agree with JB.
nostr:nprofile1qqsr26r4lltjnvrwadxp67ns58m4qpzaqemhf5sup7hlujhjh7t296qprpmhxue69uhhqun9d45h2mfwwpexjmtpdshxuet5qy8hwumn8ghj7mn09eehgu3wvdeqzrnhwden5te0dehhxtnvdakz77f8s05 shut up!!! you left uss alone building on nostr in the hardtimes. Don't get involved 🫂
Primal clients read from the caching service and write directly to the user’s relays. We chose a set of tradeoffs based on what we are trying to accomplish: best UX possible. We’ve been very transparent about it from Day 1. See my blog post from March 13, 2023 - the day we launched Primal. I still think that caching services are not only great for UX, but also a legitimate way to help scale Nostr once we hit millions of users. They could even improve censorship resistance, since anyone can stand them up and create more copies of Nostr events.
Having said all that, the Primal stack is evolving and becoming more capable on the client as well. One can imagine peer-to-peer transfers between clients that have client-side databases, like Primal for Android. I think Nostr will have it all: relays, indexers, caching services, client p2p transfers. It will be very hard to stop.
Claiming that there is only one way to properly build Nostr clients and that everyone must choose exactly the same set of tradeoffs is silly. For example, gossip/outbox purists might take issue with how Damus works.
Everything we build at Primal is open sourced under the most permissive MIT license. I believe we offer the only open source indexer for Nostr (someone please correct me if I’m wrong). Anyone can stand up and run their own caching instance. Other projects have done so in the past. Primal users hold their keys and can move to another client at any time if they don’t like how our product evolves.
On a personal note Will, you constantly fud Primal. You tried to cancel us before, joining semisol’s cEnSoRsHiP nonsense campaign. Your latest initiative - trying to impose rules on what can be called a Nostr client - is also an attempt at cancelling. I don’t know what to make of it because you are always very friendly in person. We spent a considerable amount of time together, and you never raised these issues with me face-to-face. Why not? On the contrary, you always seem to have kind words for Primal when we talk.
I’ve never said a bad word about Damus or any other project. I want to be on good terms with all Nostr builders, but you are making it hard with posts like this.
🫡💜
🫡
I think he's just giving honest criticism of the tradeoffs and is probably annoyed that someone is claiming to understand all of the tradeoffs while writing off some deficiencies as inconsequential.
I use both clients, they keep each other in check.
Since you've chosen to call out Will. Tell us why he was booted from the main stage in Prague while Primal literally took over the stage and booth? Or, tell us why funding was held back by a certain platform (where you apparently have a seat on the nostr grants board) felt that it was time to support Damus only AFTER the human rights foundation stood up? Or, should we talk about comments dropped about Will during dinner events in Prague?
"I’ve never said a bad word about Damus or any other project" - bullshit
Will and Damus weren't booted from the stage. In fact, from the very beginning talks, when we were working on the program, we had Will on the panel.
Will decided he did not want to participate on his own. He felt that people were buying main stage talks. He didn't like how the packaging of booth and stage content were merged together.
I was actually saddened by this. I had been speaking to Vanessa and trying to get him to come and have him participate in all of it.
On a side note, I specifically remember one video call where nostr:nprofile1qqsdv8emcke7k3qqaldwv956tstu40ejg663gdsaayuuujs6pknw7jspp4mhxue69uhkummn9ekx7mqprpmhxue69uhhqun9d45h2mfwwpexjmtpdshxuet5qyf8wumn8ghj7ur4wfcxcetsv9njuetnn9mexk said "c'mon, it's Will, if course we have to have him in stage for this panel."
Sadly, I just couldn't make everyone happy. I tried my hardest.
As for comments about Damus or Will at dinner, that wasn't a dinner I was at or heard.
Will is my dude and will always be my dude. 🫂🫂🫂
Still waiting for you to reveal those tools for being done with Gleason's bridge bullshit that you said "we" already had as of last night. Were you lying and gaslighting and wasting time because your bullshit was being called out aggressively, or did "we" really have those tools all along?
hey man. I decided to open Primal and I saw this reply. Primal doesn't follow my mute list on Amethyst. so yes, the tools do work quite well, depending on the client. as long as I continue to use Amethyst, I'll continue to never see your notes. as I said yesterday, the tools we have do work quite well. I was wrong in implying that they work on all clients though. some implement mutes differently. sorry for the confusion there.
No confusion - you were bullshitting. I will continue pointing this out. Ban me or kill me over it you fucking glowie piece of shit
There may be a "nostr community" today because nostr is small. But nostr is not designed to be, nor will it stay a small cohesive community. Any number of communities that are at total odds with each will exist on nostr as it grows.
I think you either replied in the wrong place or misunderstood something, this doesn't seem to connect
That final sentence seems so insincere, it almost feels aggressive.
Be better.
🤮
Don't know which echo chamber you're a part of, but everything you said is pure imagination. See Derek's response about the booth. Funding? Me sitting on a grants board? LOL. Never have, nor have I ever applied for a grant.
Same echo chamber as the people who've told me this. You know, the circle of Bitcoin whales and/or OGs is very small. So you're not on the board, fair enough. Step down from your horse, you're not flying as high as you might think.
nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr see, eventually people start to see the details adding up. Misleading… that’s what you are. So was your marketing, so are your investors, so are the other projects they fund. Misleading
If the primal client isnt ALSO writing to the caching relays this will continually lead to people's replaceables (follows, lists, etc) inadvertently wiping out what the user wants it to be. Your caching service is NOT UPDATING at an appropriate pace for this flow model
This is not right, keep a friendly attitude.
For the record I use both clients and will continue to use both.
I was a Damus maxi at heart but over time the features became stale. All I can do on Damus is scroll notes and zap. It did absolutely nothing for content discovery.
I was then intrigued about primal after hearing all the great features the team was building on Odell’s pod.
Once I tried primal the user experience was much better. I paid for legendary status to help fund development and enjoy any new features the team comes up with in the future.
But the beautiful thing about switching clients is I was able to recover lost DMs that were no longer showing up in Damus. Plus all of my notes and contacts were intact. Switching clients doesn’t mean the other is useless. I am sure once the Damus team starts to focus on discovery I may switch back and contribute funds to that team (which I have I am team purple!)
I say this because I am thankful for the development of both platforms and discussions like these I hope will end well for the user with more robust features and the overall preservation of freedom.
Accusing Will of fud and cancellation attempts looks weak.
Seems like it makes more sense to just call Primal a nostr mirror instead of a nostr client. If what you're doing is better than what other clients are doing, what's wrong with recognizing it with different wording?
“no different than twitter” is weak FUD that needs to be called out
Dear nostr:nprofile1qqsdv8emcke7k3qqaldwv956tstu40ejg663gdsaayuuujs6pknw7jspp4mhxue69uhkummn9ekx7mqprpmhxue69uhhqun9d45h2mfwwpexjmtpdshxuet5qyf8wumn8ghj7ur4wfcxcetsv9njuetnn9mexk about friendship I, on the other hand, would like to understand why you gave me the nip-05 isolabellart@primal.net and direct link https://primal.net/isolabellart and now you tell me that being an early adopter I will get it for free only until June 2025 and then I will have to pay.
In my house gifts are not paid for.
Have a nice day 🫂🎨
Beautiful said and I reel the same. That’s why I got yearly at nostr:npub12vkcxr0luzwp8e673v29eqjhrr7p9vqq8asav85swaepclllj09sylpugg and struggling to find value at current current on why to upgrade with nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 though I do use Damus more because of the NWC is smooth for my connecting with my node. Plus the UX on Damus looks and feels better. Primal is better in most other aspects I would say so I use both. Damus mostly on phone and primal on desktop because notedeck just isn’t Giving right now.
- Yogi
Options are good. Open source is good. Vigilance is good. Criticism is good. FUD’ing is beta coded drama maxxing that demonstrates a lack of emotional control
If it makes you feel any better i would levy the same criticism against any other client that has a centralized relay that it reads from. Maybe just make this more obvious to your users so I don’t have to continually troubleshoot their issues every day.
It's very obvious in our network settings. Which Primal users' issues are you dealing with every day?
Can primal please show reactions. It must be frustrating for users to only see + and 🤙 while they receive many more.
This honestly is my biggest desire right now for Primal and the single thing that keeps me using Damus and Nostrudel if I'm on mobile or desktop.
It stinks because people are engaging (even if it is negligible) and I'd like to be able to return volley.
Primal including other reactions would also make nostr's network effect less biased in favor of centralization-minded people.
Right now, Primal's trending feeds are basically nostr's biggest content discovery system, and the trending system is biased to favor the opinions of people who use Primal instead of apps that support emoji reactions, since Primal doesn't count those reactions.
This meme I posted a little while ago is a good example. It currently has no engagement according to Primal, but nostrudel shows 2 reactions from 2 different npubs, which would generally be enough to get into the 1h Trending feed these days, possibly attracting more engagement. It's a subtle bias with a strong effect.
Important caveat: it's possible that if these reactions were counted, then 2 wouldn't be enough to get into Primal's trending feed anymore. But it often only takes 1 reaction, so it couldn't be too far off.
My DVMs still count them. They are available in primal. At least those who are not personalized.
I’m sorry miljan, but for non-tech people it’s not obvious from the network settings.
I may not be a developer, but I wish I had known this before subscribing to the premium
What kind of issues do users raise that are caused by using both primal and damus or between users of each? cc nostr:npub1zafcms4xya5ap9zr7xxr0jlrtrattwlesytn2s42030lzu0dwlzqpd26k5
Your passion is showing. You're critical because you want what's best for Nostr.
You could have just said your autism is showing but ill take it
Dude, it has taken me years to figure this out. 😂 I am overly anal about some things and I used to just think I'm just an asshole sometimes, but now I understand. And it's thanks to me being a father and witnessing this with my son first hand. Sometimes we just get hyper focused on minute details.
Still waiting for you to stop doubling down on gaslighting and time-wasting. Admit those are what you were doing here, not merely being "confused" - and if you want to apologize, offer substantial help with the same power you've abused here, or a relinquishing of that power, instead of empty words.
nostr:note1tmqd0zsehqw2cnw3vdmvrejj9p7am03xv6r68zmqv2cecl86dwwqke8gqe
👆this is how you respond.
The last sentence is perfection.
🍿🍿🍿🍿🍿🍿🍿🍿🍿🍿
Can you write docs for the caching service?
Yes, we need better docs. We try to make it easy to stand these things up from our repo, but definitely hit us up if you need help. We've helped other teams stand them up in the past.
You know what else stores the whole network's data multiple times? Bitcoin.
The worst case scenario for Primal is that it becomes like the Bluesky BGS. But that is a hypothetical fear. And it's also a best case scenario? Because we would have a ton of users? But importantly, apps like Damus already exist, and a foundation is laid for a "free" side of Nostr that will never work perfectly but will serve a community who truly needs it, which will continue to grow. Both are inherently needed, and that is the true power of Nostr.
💪🏻🔥🫡
does the caching service use a user's relay list to build the cache?
I have started using primal, when not in wifi, since today because the cache will use less data than Amethyst.
That said, if it's not caching every relay every user uses its a pretty significant tradeoff and centralising force. it would be good if users could see which relays they read from are being cached by Primal.
How can you be tryi g for the best UX when you don't have amber login?
nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr this could of interest to you as feedback:
https://primal.net/e/note1a6je0n5kv6ee5kk4c3pk7rstgmghrk98xx9cs7thz9s5nj6p46dshd7zl5
👆I knew I was right about Primal.
I’m a Damus maxi. Always will be.
Damus goes south, I go south. Literally. I’m thinking of moving south at some point.
Hi. Conveying important ideas to many people can be more difficult than it seems and there is a high risk of not being understood or putting the emphasis wrong. Put your ego aside and try to think about the common users and values, if you want to build something big or convey your concerns. Otherwise, everything will be as before, and is it worth starting then.
> The hack risk of your client trusting zap addresses from a trusted backend is too high, money could be sent to the wrong place, this would tank nostr’s credibility.
This is an argument against zaps. They add nothing but unnecessary risk.
I thought the zap addreses where stored in a local cache. having it in the backend would be innecessesarily wrong, I give you that.
Their should be different sources of indexers and should have a Merkel root that contains all events that attestate for each post so u could audit it.
Primal still does t have amber login when the feature was requested a year ago and many smaller clients have that feature.... It's improper when key rotation doesn't exist to have users pasting their nsec all over town #nsex
Primal is the macOS of nostr clients 🤮