Nostr Web Client

Hey nostr, I was the "emoji" spammer and while it probably went overboard my hope was to help incentivize people to help solve the spam problem. That's why it was targetting devs. Hopefully it was not too disruptive to ordinary users.

Anyways, I think the point was made and some good discussions have started so I've gone ahead and shut it down. If anyone is curious I can share the code.

BTW I'm not the "ReplyGuy."

nostr:nprofile1qqs8d3c64cayj8canmky0jap0c3fekjpzwsthdhx4cthd4my8c5u47spz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpzemhxue69uhhyetvv9ujumn0wvh8xmmrd9skchd02dz nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzpmhxue69uhkummnw3ezuamfdejsz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qdwkdtx nostr:nprofile1qqsqgc0uhmxycvm5gwvn944c7yfxnnxm0nyh8tt62zhrvtd3xkj8fhgprdmhxue69uhkwmr9v9ek7mnpw3hhytnyv4mz7un9d3shjqgcwaehxw309ahx7umywf5hvefwv9c8qtmjv4kxz7gpzemhxue69uhhyetvv9ujumt0wd68ytnsw43z7s3al0v nostr:nprofile1qqsw9n8heusyq0el9f99tveg7r0rhcu9tznatuekxt764m78ymqu36cpz4mhxue69uhhyetvv9ujuat50phjummwv5hszymhwden5te0wahhgtn4w3ux7tn0dejj7qg4waehxw309an8yetwwvh82arcduhx7mn99uuwx66a

Reply to this note

Please Login to reply.

Discussion

SPA (Super Phat Arrow) 1y ago

I'm curious to see the code

theduck 1y ago

https://pastebin.com/4LKFsS7L

Derek Ross 1y ago

Thanks for making Nostr stronger...

The Asunción Times 1y ago

Who is “Reply Guy” then, if not the duck?

theduck 1y ago

I have no idea, but might be somebody who wants to highlight which relays are not filtering spam well (hence why it says which relay it came from)

Dan 1y ago

Good duck 👍

Alex Gleason 1y ago

Are you the AWS server or the Colorado one?

theduck 1y ago 💬 1

Both, I was using a VPN in Colorado at one point. Sorry if things got a little out of hand, and much respect for handling it really well

Alex Gleason 1y ago

You know what would have made this whole exchange better? If you were talking to me the entire time you fucking retarded coward.

Angela 1y ago

You’re not challenged nearly as often as you should be. It’s made you harsh to viewpoints that aren’t your own or in those of your circle. Missed opportunities to take it in and grow from it.

rabble 1y ago

Hey now… nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 that’s a pretty intense take. We’re building a system which is going to face much more direct and underhanded attacks. Having friendly red teaming of Nostr right now, is good. Sure, it was frustrating, and it could have been better if it was in the open, but future adversaries aren’t going to do that.

Jake Woodhouse 1y ago

Seems reasonable

Colby Serpa 1y ago

💯

47 1y ago

Absolutely. Best thought of as helping nostr to improve. This is nothing compared to what will come if nostr continues to gain more traction

techfeudalist 1y ago

💯

Lady Mae - Growth Teacher 1y ago

So pleased nostr:nprofile1qqs8d3c64cayj8canmky0jap0c3fekjpzwsthdhx4cthd4my8c5u47spz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpzemhxue69uhhyetvv9ujumn0wvh8xmmrd9skchd02dz for this sensible take. I can see why some may not see the positive side of this esp if it is their work or their "baby" is at stake. But greatness requires moving past your pride and ego. 🫂 Whilst it is frustrating, sometimes tough love is required to accelerate the discussion esp if it is common knowledge within the tech community that it is a problem. I'd say, I'd prefer to have a friendly red team than a malicious one. Yes, it is frustrating to the non-tech but we are also early adopters so we have high tolerance for this eventuality. In the end, we are hoping to see a solution that will not compromise the foundation of nostr - censorship resistant. ❤️👌

Melvin Carvalho 1y ago

Red teaming is one thing, but what these people did goes beyond that. They're not adversaries testing the system—they're criminals, effectively stealing time and resources from devs who are already struggling to keep things running. It’s not just frustrating; it’s actively harmful to people trying to build something good, especially when the attacks are done in secret

Deleted Account 1y ago

Been saying for months that narrative warfare never takes a break. It will get worse. This is the nature of any #war. Information war is just another one. #AI will continue to get more targeted. Many won’t know if they are speaking with a human or bot 🤖. To be fair it’s already been happening for years but will continue to imbed in all systems.

Again, how humanity deals with #AI the next 10 years will echo for generations.

Already gave my empathy & explained my views to nostr:npub1vj0wlergmkcs0sz7hfks2ywj555c2s87f40squ4sqcmqpr7897fqn6mfew on this.

Orange Crush 1y ago 💬 1

That the time and resources can be stolen so easily is the problem.

PPN (pay-per-note) is the future.

Otherwise all incentives will align with centralization and walled gardens. The cypherpunks knew this. Bitcoin is the base layer to a larger decentralized solution.

As of now, 11.2% of Genesis-000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f branch realities have already figured that out.

When will we?

BTCrevolutionary 1y ago

Bro calm down. He did it for the betterment of the protocol. Imagine when state actors try to compromise nostr and make it unusable…

Ryu Santiago 1y ago

Yonle did a bunch of shit to draw attention to Nostr's weak points, yet all he got was relentless shit from the majority of developers and users while having his technology unfairly targeted to the point of saying "fuck Nostr" and leaving it entirely.

Fuck off, Alex has a right to be mad as hell right now.

Deleted Account 1y ago

🤣🤣🤣

nbyte 1y ago

Think of it as free beta testing. If one bottom feeder can break your relay, you have serious work to do.

BTCrevolutionary 1y ago

Exactly, we need people attack nostr all the time to make it stronger…

Deleted Account 1y ago

When? My assumption is they are already here. Why? Governments who seek to maintain control always seek out anything that stands against it. #btc & #nostr both challenge modern society.

Once Jack Dorsey endorsed this place it would have definitely been monitored if not before then.

Slimer 1y ago

🤨

cypherhoodlum🏴‍☠️ 1y ago

Really not doing yourself any favours here Alex. Think of this as someone disclosing a critical security vuln in 99% of the apps in an app store. Some apps won't patch until forced to do so. Pure white hat reporting just wouldn't work. And like others have said, this spam could be much worse if truly malicious.

Sourcenode 1y ago

Control issues

Kim Stock 1y ago

So you are a BOT thank you for the inspiration

Roswell Flatts 1y ago

Speaking as an ordinary user I never experienced any spam, thanks.

Deleted Account 1y ago

THIS IS GOOD 😊 to hear.

arkinox 1y ago

nostr:nevent1qqs2zkuzuuvzd8y330yug8mwj97wqhxw3njm4c98y987h37nd0alxlcpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qgj79sm9n8z4p3klueytek6gak6yqncrj2av0rguyx7c0whumsuwsxpqqqqqqzrxdul0

Onyx👸🏻 1y ago

Interesting.

hzrd149 1y ago

I appreciate that you've come out. And I also appreciate that you were considerate. enough to only target devs.

However no dev ( myself included ) likes having their app exploited. Especially when they know it's broken. So you saying that the spam was worth it to start a discussion feels like gas lighting. because many of us already knew that spam was going to be an issue

All that side I will swallow my pride and admit that it did quicken the discussion of how nostr clients can deal with spam. And did force me to reconsider some things in my client

Deleted Account 1y ago

Well said.

Hoshi 1y ago

forcing (not offering) your opinion on to everyone else and make them do your work for you immediately when you want it done is so not nostr.

Nunya Bidness 1y ago 💬 2

I most definitely want to see this code.

nostr:note159dc9eccy6wfrz7fcs0kaytuupwvar89hts2wg20a0rax6lm7dls6zq0zc

Jetty Nakamoto 1y ago

omg replyguy is terrible...

protocolSociety 1y ago

nice! this is how we solve the spam issue: https://github.com/baumbit/peercuration?tab=readme-ov-file#peercuration

calle 1y ago

Oh.

Hodl Harry 1y ago

Takes balls to admit 🫂

franzap 1y ago

behind a duck? not really

Hodl Harry 1y ago

At least the truth came out. That's what matters

Deleted Account 1y ago

Why? 😂 Admitting that you threw out a fire strike to make the ecosystem stronger shouldn’t require this.

cypherhoodlum🏴‍☠️ 1y ago

Nostr needs red teamers to flourish. One type of spam makes devs lazy with filtering ✌️ WoT based filtering is the robust answer

cypherhoodlum🏴‍☠️ 1y ago

Is this a throwaway identity or should I follow?

Anders 1y ago

nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx nostr:npub1guh5grefa7vkay4ps6udxg8lrqxg2kgr3qh9n4gduxut64nfxq0q9y6hjy would love if this was on the rhr list this week!

Silberengel 1y ago

Thank you for your service, sir.

Raymon 1y ago

Only no publicity is bad publicity 😃

Good to hear you're done now.

Chiefmonkey 1y ago

No pain no gain… real enemies are going to try and take you down, not polish off and improve things

Embrace the chaos

Deleted Account 1y ago

FACTS!!! Boots on ground formerly. Learning cyber warfare to be of service to humanity.

7fqx 1y ago

Are you now working on solutions?🤔

Sebastix 1y ago

"Hopefully it was not too disruptive to ordinary users."

You failed on that on nostr:npub1gj79sm9n8z4p3klueytek6gak6yqncrj2av0rguyx7c0whumsuwsq6scaa

What did you in advance (solving the spam problem) before taking action unleashing that amount of spam?

nostr:nevent1qvzqqqqqqypzq39utpktxw92rrdlejghnd53md5gp8s8y46c7x3cgdas7a0ehpcaqqs2zkuzuuvzd8y330yug8mwj97wqhxw3njm4c98y987h37nd0alxlc4za3mt

Dawn 1y ago

If your intentions weren't malicious, it's worth pointing out that this was poorly timed. New people from back-to-back conferences, the telegram thing, and the Brazil/X thing probably hadn't even a chance to figure out how to manage relays, let alone how to manage spam.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

it was more effective than my 9 months of saying "wen auth" tho

Dawn 1y ago

I'm just saying, as an ordinary user, maybe try to minimize harm, if strengthening is the goal. This would have been just as "effective" during a period of stagnation.

Deleted Account 1y ago

An ordinary user below said they weren’t effected. It appears this was a targeted attack against only developers.

Truly malicious actors won’t care.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

i think the latent frustration behind these "attacks" will become clear in coming weeks

me, nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj and nostr:npub1f0restzwusrck2k62dq2ueelrrfmdfnyk8uhart8n8nqwn94cwwsppm0sa have all been shouting about the culture problem in nostr dev

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

and yeah, if it had been me doing this, i'd only have spammed replies on threads of the devs, because they are the ones most impervious to the message

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

i also don't agree with the retarded indiscriminate nature of the spectacle, it could have been a lot more selective, because it drove away a lot of tentative newbies

Dawn 1y ago

The "civilian casualties" could have been reduced 😅 Not a single one of my adoptees has stuck around through this.

Ifs, buts, and coconuts & all that... timing is everything. I know how it is to have an idea & want to act on it right away. It's not always the best decision to do so.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

well, i'm not apologising for it, i'm just saying that i had been warning about this

what is even more hilarious is the people doing it are doing it to make a dig at the devs, but not being very selective (they should have just been targeting their npubs only, IMO, to disrupt their lives instead of everyone)

anyhow, nostr isn't going away, but a lot of rockstar in group devs have faces covered in egg at this point, and i'm gonna enjoy that for a while

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

also, it's worth pointing out that with the hemorrhaging of userbase like this all those fancy pants are gonna be extra shamed out of this because they had plenty of time to make the system more resilient

Dawn 1y ago

Theduck said he hoped it wasn't too disruptive. I was just offering some input on how to, perhaps, be less so, if that was a truthful statement. That's all.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

yeah, it was disruptive, but he says he not replyguy, i only even saw one of this dumb things, didn't seem that big a deal to me, just some nutter

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

i mean, honestly, the replyguy notes are easy to recognise, all of them have the URL of the relay they were posted to at the end of them...

i think that replyguy actually has highlighted the fact that the majority of nostr client devs don't have basic programming skills like writing regexp

Low Information Voter 1y ago

Why is this on the client devs and not relay operators?

Seriously, no client dev should be writing specific spam regex.

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

outbox model is client side, it's key to decentralization as well

write permission for relays is a separate thing, that's to conserve their resources

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

for example, and why i currently am not using coracle, it reads from relays in my follows lists, of which many of them include the relays targeted by replyguy, damus and primal being the two i see most often

why should it be reading from relays that aren't in my relay list, of events that are not of my follows, or my follows follows?

the default posture should be conservative for this client behaviour, so this is an example of how client devs need to take part in it

nostrudel is the best for fully implementing outbox model, IMO, though gossip and coracle both are not terrible

Lady Mae - Growth Teacher 1y ago

regex is too complicated and if not properly done, without following the basic foundation of programming, it can be a disaster: a) audit and continuity b) could open to a can of vulnerability. 🙈😬

Lady Mae - Growth Teacher 1y ago

if it is true, those clients are f*cked! 😬 or we are f*cked too 🙈 I have been asking if anyone has done red teaming (pentest) on nostr. 🤞🤞🤞Any takers from our anon friendly white hats? ☺️