Nostr Web Client

Ryan is too smart!

Hey nostr:nprofile1qqsp3yzapfwkyw4cr2vt4xx9s27474lj2pkxhqyfqh79n826pv3fkzqpzemhxue69uhkzem8wghxummnw3ezumrpdejz7qg3waehxw309ahx7um5wghxcctwvshsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0fmrup6, look what I'm just about to do🥳🥳🥳.

Goodbye Toni 🥲

😂🙋🏻‍♂️.

I'm not really going to FAFO!

node 3mo ago

Bye bye Toni 🤣

node 3mo ago

Oh noooooo 🤣🤣

Coco_Ardo⚡🏰 ♻️🏳️‍🌈 3mo ago

awesome combination🧡

waxwing 3mo ago

How reliable is Orbot nowadays?

Arándano 3mo ago

nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgswaehxw309ahx7um5wghx6mmd9u2mk7fe would be great to have this feature integrated directly in #amethyst instead of relying in #Orbot .

#Amethyst has a very good TOR integration, no need for 3rd TOR apps.

Not sure if the internal tor can run a hosted onion service.

Dawn 3mo ago

nostr:nprofile1qqsdcnxssmxheed3sv4d7n7azggj3xyq6tr799dukrngfsq6emnhcpspz9mhxue69uhkummnw3ezumrpdejz7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3kamnwvaz7tm5dpjkvmmjv4ehgtnwdaehgu339e3k7mf0stypnq ...do we want kind1s for #ndoc ? I don't know if the long vision encompasses that? Ryan is notoriously & brilliantly educating that way, though. 😅

liminal 🦠 3mo ago

i'm still thinking about how I'd go about organizing it, but yes Kind 1's are okay 🫡

We back bitches!

You should also see in citrine that there are multiple connections in citrine!

AU9913 3mo ago

MoneRogue 3mo ago

Now we just need the ability to self-host relays on I2P or a mesh network and Nostr is tyranny-free.

🇰 🇷 🇾 🇵 🇹 🇮 🇽 3mo ago

I like it. Use it too...

rodant 3mo ago

And as last step make the onion address known by your friends?

That's what setting it as your outbox does.

SatsAndSports 3mo ago

I don't understand 🤔

So you run a nostr relay on your phone, on the same device as your nostr client, but they will connect to each other via Tor? Why would you do that?

Or maybe the primary motivation is to allow other people - your followers specifically - to connect via Tor?

Does that mean that I should keep my phone connected all the time, in order that my relay remain accessible all the time?

I'd like to run such a relay on my Raspberry Pi. Any tips?

Laeserin 🇻🇦 3mo ago

I'm also trying to figure this out. 😂🤷🏻‍♀️

It's not clear to me, what I can do with this, that is more than using a localhost address. Can people reach my phone over tor?

Laeserin 🇻🇦 3mo ago

nostr:npub1ecdlntvjzexlyfale2egzvvncc8tgqsaxkl5hw7xlgjv2cxs705s9qs735 nostr:npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7 is this a security risk?

First impression is that it poses no more risk than running a normal relay on your phone and exposing it to the web. And it inherits any possible security risks in the relay code itself.

I don't see the utility for it. Why go through the hassle ? Why host a relay on your phone ? Just why ?

At least, conceptually. I have no idea if the implementation itself introduces new risks. I wouldn't bother with it.

Laeserin 🇻🇦 3mo ago

I host one on my phone, that fetches notes from my frens and allows me to read and write notes on the train (spotty Internet).

But I don't see the use case for exposing it to some wider network. That would raise the load in the phone, after all.

You're right. This local relay you're hosting has an assisting function. Anything beyond that for phone relays seems like an overkill.

You lack imagination.

You could run an old Android phone as a cheap & easy self hosted relay.

Self hosted DMs over Tor, leaving no trace of your messages on large relays.

Android is transitioning to be a desktop OS as well, making the power issues of phone use less of an issue. It's basically the same as nostr-relay-tray with the proxy settings enabled. I've been running that for a few days as well, it makes a fine outbox relay.

I entirely agree on this one. I'm someone who likes explicit control over my firewall and incoming/outgoing connections. I wouldn't want to be connecting to a bunch of random servers (relays), you never know which ones could poison your device. One buffer overflow in the client code (meaning the websocket client library or parsing code itself) and you have a RCE vulnerability. The same goes for incoming connections. I assume there is a localhost optimization.

One could setup a malicious relay could be built to trigger a known RCE vuln and every nostr client with the vuln would be pwned XD

For example, in my dream world, noscrypt becomes ubiquitous, there is an overflow somewhere that can be triggered by a malicious relay connection, now all nostr users running noscrypt are pwned simply by connecting to that relay. Same could be said for NDK, or aedile or any framework with a known vuln.

This reminds me of the 7zip vulnerability discovered a year ago which is caused by an integer underflow of all things.

That was a good one

It became a running gag at work.

Wait, what was the gag?

Without getting into details, we were somewhat impacted by this vulnerability. Every time there was a problem because of an overflow or underflow issues, someone would joke that we're endangering national security for example.

I see XD