Avatar
Freakoverse 4d ago 💬 6

Worked today on figuring out methods to prevent a spam attack vector on DNN node relays, and on the way improving one part's UX.

80% done, 20% tomorrow (it's almost 4 am =P)

A bit more testing after that, then I want to work on 'username and password version 2' and have fun with that (it's been on my mind for a long while and i really want to do it x3), basically a fun but productive break before i move back to the boring stuff.

Side note:

While thinking of that username and password v2 thing, I realized there's a security and privacy issue with with that process in general for everyone (extension or remote signer or other), a trust factor between you and the nostr client you're using, where even if you go 'one approval per any action' and have no auto-approvals, so they can't sign something on your behalf maliciously, they could potentially read what you decrypt. Yes open source and people would know etc but there's a delay, and that delay can cause damages.

I already thought of a quarter-baked solution to this (something about having a user-generated/controled layer between the user and the client where only it renders the results and handles more approval sequences), but my plate of things to do is already overflowing so i won't be doing it x3

Maybe in the future / hopefuly i remember this issue.

Reply to this note

Please Login to reply.

Discussion

Avatar
makomichi the wolf of weeb street 4d ago

A 51% wolp attack on DNN 🥸

Avatar
Freakoverse 4d ago

That's a good thing...

That's a bad thing...

No. Good thing...

No! Bad thing!...

Hm... x3

Avatar
nout 3d ago

Do you have a summary with diagrams of what it does? 🙂

Avatar
Freakoverse 3d ago

Which?

The spam-resistant thing for DNN?

DNN as a whole?

Or are you asking about the 'username and password v2'?

Avatar
nout 3d ago

I think DNN as a whole. I don't really know anything about it.

Avatar
Freakoverse 3d ago

There is this readme:

https://git.nostrdev.com/freakoverse/DNN/src/branch/main

But, if i'd want to explain it in gist here:

With your nostr address, send bitcoin to yourself with a minimum fee vByte rate of 5 (so basically $1, and can be adjusted in the future to keep it around that value), publish 4 nostr events (working on making that a 1-click action), and you have an ID like nABCeAbsurd.

That ID can be used as a replacement for a NIP-05 handle on nostr (as it's an ID you actually own and tied to your npub forever, unlike normal domains).

And that ID is basical a TLD (like .com), so you can have basically unlimited websites per ID acquired. (freak.nabceabsurd, banana.nabceabsurd, etc)

There's a lot of second-hand solutions/benefits/value behind this that can be talked about for an hour or so, but that's about it / the simplified version.

---

I looked at all the other past attempts that tried to be a alt to DNS/IPs (ICANN), and this one doesn't have any of their cons and seems like the actual best attempt at bringing about a the second version of the (freedom) internet. The closest to do so was a protocol called Nomen (bitcoin+nostr also), but it also had some issue. DNN doesn't have them =3