Blake
b2dd40097e4d04b1a56fb3b65fc1d1aaf2929ad30fd842c74d68b9908744495b
#Bitcoin #Nostr #Freedom wss://relay.nostrgraph.net

Quick Rustaceans, let’s re-write Caddy in Rust.

Other issues include relays broadcasting older kind 3 for a pubkey (so maybe double processing by clients, as different event ids), also the bug where clients update your following data from stale data and you most commonly drop newest following data. Obviously missing relays. I think there are a few others too… weirdly it’s pretty hard. But it also kind of doesn’t matter outside of a log scale.

I’d love to see what numbers people get. I did some work on this recently as my numbers were low.. turned out that kind 3 events got too large (people following 100s) and were being rejected from what I collected.

Funnily enough, only in dev, I had a bug where the counts went the other way too - when event processing failed and was retried, my summary counters borked.

Long story short, I was surprised too once I started to get more accurate numbers and tweaked some stuff. More than expected.

Nostr has a decent way to go with key management - unless you are careful with your private key.

Things like rotating, expiring or migrating - or multi-sig keys, are all under development.

I just needed a simple enough way to add login to a website or web service, that didn’t allow impersonation. It may get replaced as things develop.

It’s a cool NIP that I need to read more about.

Basically what I tested was 100% local using Nostr browser extensions to sign an event using a server auth challenge. It’s more similar to NIP-42 however doesn’t need to be a relay, and doesn’t need websockets. It just uses a similar event payload over REST.

So I’d say fewer devices, less network dependent, more transitional sessions using cookies, etc. A simpler approach, but also less features.
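
A server-side check for the challenge-signing login described in the posts above, as an added example that is not taken from the gist or the author's prototype: it recomputes the NIP-01 event id, checks the challenge and timestamp, and verifies the BIP-340 signature. The event kind 22242 (borrowed from NIP-42), the `challenge` tag layout, the 60-second window and the names `login_pubkey` and `schnorr_ok?` are assumptions.

```ruby
require 'digest'
require 'json'

# secp256k1 field prime, group order and generator (public curve constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8].freeze

# Affine point addition; nil is the point at infinity.
def pt_add(a, b)
  return a || b if a.nil? || b.nil?
  return nil if a[0] == b[0] && (a[1] + b[1]) % P == 0
  num, den = a == b ? [3 * a[0] * a[0], 2 * a[1]] : [b[1] - a[1], b[0] - a[0]]
  lam = num * (den % P).pow(P - 2, P) % P
  x = (lam * lam - a[0] - b[0]) % P
  [x, (lam * (a[0] - x) - a[1]) % P]
end

def pt_mul(k, pt)
  acc = nil
  k.bit_length.times do |i|
    acc = pt_add(acc, pt) if k[i] == 1
    pt = pt_add(pt, pt)
  end
  acc
end

# BIP-340 verification of sig over the 32-byte event id; all values are hex strings.
def schnorr_ok?(id, pub, sig)
  return false unless /\A\h{64}\z/.match?(pub.to_s) && /\A\h{128}\z/.match?(sig.to_s)
  x, r, s = pub.to_i(16), sig[0, 64].to_i(16), sig[64, 64].to_i(16)
  y2 = (x.pow(3, P) + 7) % P
  y = y2.pow((P + 1) / 4, P)
  return false if x >= P || r >= P || s >= N || y.pow(2, P) != y2
  y = P - y if y.odd?
  tag = Digest::SHA256.digest('BIP0340/challenge')
  e = Digest::SHA256.hexdigest(tag + tag + [sig[0, 64] + pub + id].pack('H*')).to_i(16) % N
  rp = pt_add(pt_mul(s, G), pt_mul(N - e, [x, y]))
  !rp.nil? && rp[1].even? && rp[0] == r
end

# Returns the authenticated pubkey or nil. Kind 22242 and the "challenge" tag are assumed.
def login_pubkey(ev, challenge, now: Time.now.to_i, max_skew: 60)
  ser = JSON.generate([0, ev['pubkey'], ev['created_at'], ev['kind'], ev['tags'], ev['content']])
  return nil unless Digest::SHA256.hexdigest(ser) == ev['id']
  return nil unless ev['kind'] == 22242 && (now - ev['created_at'].to_i).abs <= max_skew
  return nil unless Array(ev['tags']).include?(['challenge', challenge])
  schnorr_ok?(ev['id'], ev['pubkey'], ev['sig']) ? ev['pubkey'] : nil
end
```

The challenge should come from a CSPRNG, be tied to the pre-login session and be discarded after one use, so a captured signed event cannot be replayed. The session cookie is set only for the pubkey this function returns.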

Replying to Blake

CC #[1]

Source code here.

https://gist.github.com/blakejakopovic/b0065b9327c48c148bfe989c08137ba1

For clarity, this doesn’t do full event auth validation, as I may not use Ruby - no reason it can’t be added where I’ve commented.

This is the simplest code to get this working, so not prod ready, but decent example code.

Where I think this could be fun and useful is being able to log into a relay via a web portal and set personal preferences like “friends of friends only mode”, or “explicit content filter”, or whatever. Maybe even see stats for your pubkey or devices recently active.

And we may need a new NIP for this as we don’t need parts of 42 that are relay specific.

Cool. I have a (poor man’s) “Login with Nostr” prototype for Ruby using cookies for sessions.

Why does this matter? You can log into websites without sharing your private key, while still proving you have access to it. Impersonation is not possible.

Most Nostr sites today just load your pubkey and then ask to sign posts as you publish them - that’s fine too. The goal here is to only show content for that pubkey - so proof you hold the private keys is required sooner (basically just a normal login).

Thanks. I’ve used a similar approach in the past and it works, but is annoying UX-wise.

Yep. That’s what I’m after.

Primary reason is “Login with Nostr” needs more experimentation in general. And I’d like to use it myself too.

I’ll build a minimalist vanilla JavaScript version I will share if I get it working. It’d be great if you can share anything in this space.

Yep. The extensions are good. The part I’m trying to find prior work is around login using private key (not sharing it.. just using it) or a signed event like the AUTH relay NIP.

I want the sign in to validate you have private key access - but beyond that, I don’t need your private key at all. Just confirm you have access to sign things.

Has anyone made or are there any examples of using a Nostr browser plug-in to use your private key to sign something to effectively log into a website or service? Ideally two click sign-in — 1. Login button and 2. Approve login (sign using extension). Noting, entering a pubkey alone is unsuitable.

Basically experimenting with Nostr (password-less) Login for a website. Successful login would create a web session for auth against your pubkey. Logout just deletes that session.

Anatomy of a Nostr spam attack. Profiles, reactions and reposts created.

Bot believes the current year is 2157.

It’s still point to point, and not p2p or some kind of aggregation.

What it can do however is stream multiple Nostr subscriptions or events at the same time from the same relay - or perhaps even stream events and the media content like images at the same time without blocking.

At present if you send 5 large events and 5 small ones, the first large 5 events need to be received one by one fully before the faster smaller events can even start. Basically congestion.