thanks! Hey nostr:nprofile1qqs8eseg5zxak2hal8umuaa7laxgxjyll9uhyxp86c522shn9gj8crspz9mhxue69uhkummnw3ezuamfdejj7qgjwaehxw309ahx7um5wgerztnrdakj7qgkwaehxw309a3x2an09ehx7um5wgcjucm0d5hsvlnggv, is it possible to add custom code on relays that use your service? Like specifying what happens when an event arrives, and so on.
Is there a relay hosting service? With a guy and everything, where I can click buttons and host my relay?
#asknostr
it's gonna fail so miserably
ahh, I thought it was nostr DDOS, never mind
well, nothing to joke about, but yeah I think it can work.
The idea is that u use the reputation of the client/author of the event to rate limit. No reputation, no responses.
Now, to get this reputation, you could compute it on your own or use a provider like Vertex.
If you do the latter, than the attacker could make you waste money for ranking throwaway pubkeys. That's were u use IP addresses to rate limit the pubkeys an IP could make you rank.
all from unique IPs?
With ongoing DDoS of my server, ive added a backup zap-stream service and wrote some docs on how YOU could run your own zap-stream backend (the new one)
https://github.com/v0l/zap-stream-core/blob/main/docs/MANUAL.md
maybe nostr:nprofile1qqstq4j6pk2sgaupru6l7ah9nq0dueafq356jllwcy7uzlek9yx7hlspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshsnpjku2 can help here dude.
Reputation + IP rate limiting
mmm interesting. I'll investigate for sure dude.
Thanks for the heads up! nostr:nprofile1qqs0dqlgwq6l0t20gnstnr8mm9fhu9j9t2fv6wxwl3xtx8dh24l4auspz4mhxue69uhkzat5dqhxummnw3erztnrdaksz9nhwden5te0d4kx26m49eex2ctv0yhxcmmv9uq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7dj6rpa issues with the DVM after you launched the new Vertex it seems
I wasn't able to replicate because I get an error client side (defo not in Vertex this is a Java thing)
Maybe it's caused by removing the REQ nostr:nprofile1qqs8y6s7ycwvv36xwn5zsh3e2xemkyumaxnh85dv7jwus6xmscdpcygpz9mhxue69uhkummnw3ezumrpdejz76jympz
nostr:nprofile1qqsv0mdxvznteqns2v8g9d98wy4vm63wx8wq54hcmj244sqfalvhepspy9mhxue69uhhyetvv9ujuumgv9mku7t9v9nk2u3wvdhk6tmfde3x77qpyfmhxue69uhhyetvv9ujuumgv9mku7t9v9nk2u3wvdhk6tm0w46xymmcqy3hwumn8ghj7un9d3shjtnndpshwmnev4skwetj9e3k7mf0wpexjanpw3jsksuhh6 what version are u using? If it's an old one, it might have become incompatible
thanks man. Autists onward!
I would say minimal overhead
no no, no changes to the endpoints. All internal and backward compatible.
nostr:npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup are you seeing much in the way of “rank sink” (aka PageRank island) being exploited by bad actors? I haven’t done a thorough analysis but even with a damping factor of 0.85 I’ve seen it crop up sporadically.
I did see a bit (experiment in April 2024), and I've implemented a slight modification to the algo.
During a random walk, if a cycle occurs (a --> b --> ... ---> a), then the walk stops.
This doesn't influence ranks of normal users because the probably of a cycle is super small give that on average people follow 100 others. However, some bad actors follow each others to boost their rankings, and this simple modification lowered their ranks by a factor of ~3.
no, 1 credit per request if using Global Pagerank, 10 if using Personalized Pagerank.
The pricing is probably going to change btw
> Experimenting with localized rankings and implicit trust
which algos?
> $5000/1M requests is absurd though
I don't think so. For example with RankProfiles you can rank up-to 1000 pubkeys in a single request.
thank you, and please share! Sharing and collaborating is how we make nostr obsolete everything else.
If you are interested we could have a chat about it
Great episode of nostr:npub10atn74wcwh8gahzj3m0cy22fl54tn7wxtkg55spz2e3mpf5hhcrs4602w3 with nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx and nostr:npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup discussing the most difficult and important open problem in all of freedom tech: web of trust.
I’m glad to see centrality algos like #pagerank (personalized as well as global) make their way into nostr via 3rd party WoT services like nostr:npub1kpt95rv4q3mcz8e4lamwtxq7men6jprf49l7asfac9lnv2gda0lqdknhmz . Do any nostr alternatives run centrality algos? Nope, not yet, not that I’m aware of. nostr:npub13ndpm2hm9hud4azsq5euhf5mv3d05r90wymwxsd7rdn29609hhvqp60svh promises that Pubky will — someday — but I’ll believe it when I see it.
For those who don’t know, PageRank is a simple but extraordinarily powerful centrality algorithm that deserves higher visibility in the nostr ecosystem. It’s how Google eliminated spam from keyword search in 1998. In other words, PageRank launched a trillion dollar company. For calculating WoT over nostr, PageRank is the next step beyond my follows + their follows.
Thank you David.
🚀 Introducing Vertex v2.
7+ weeks of the most un-sexy work, debugging, refactoring, simplifying and squeezing every bit of performance, nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qpqkpt95rv4q3mcz8e4lamwtxq7men6jprf49l7asfac9lnv2gda0lqpsy38p is now:
- faster
- simpler
- more stable
All to make WoT as simple as possible for builders.
https://blossom.primal.net/23f1ece5992563347f0ad6d2f0f77c456dc6d74a5a1822791c7696c171483506.mp4
nostr:nprofile1qqs0dqlgwq6l0t20gnstnr8mm9fhu9j9t2fv6wxwl3xtx8dh24l4auspz4mhxue69uhkzat5dqhxummnw3erztnrdaksz9nhwden5te0d4kx26m49eex2ctv0yhxcmmv9uq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7dj6rpa and I yet to connect directly. This needs remedying!
I would be happy to learn more about your ideas sir. Want to message on Signal?
well, that's what I'm doing, although palantir doesn't exactly sound like a compliment :)
nostr:nprofile1qqs874el2hv8tn5wm3fgahuz99yl624el8r9my22gq39vcas56tmupcpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgcwaehxw309ac8yetdd96k6tnswf5k6ctv9ehx2aqsenfjh if you can use Nostr you can use UTC 😂 maybe one day I will catch the live chat
Great convo with nostr:nprofile1qqs0dqlgwq6l0t20gnstnr8mm9fhu9j9t2fv6wxwl3xtx8dh24l4auspzemhxue69uhhyetvv9ujumn0wd68ytnzv9hxgqg4waehxw309ash2arg9ehx7um5wgcjucm0d52m9qj9
Thank you 🫡
thanks!
Vertex by nostr:npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup sounds like a great service all major clients should consider using.
nostr:note1wcf2deexg40ny3wr9lfunaa0w7h4gsh06p0hy6a7ufux8tx3zz9q2cfjy7
thank you for the shout-out sir :)
thanks for sharing mate.
I've used networkx in the past, which I am sure it's slower, but still I found that visualizing a social graph is rarely useful. You just see a buuuunch of arrows and it's very hard to make sense of it
Nostr will fail to the extent that people can't tell an impersonator from the real thing. The number of reports I get about my impersonator indicates to me that nostr is failing. But it doesn't have to be this way! Web of trust fixes this.
Let's play a game of "spot the impersonator". I created a fresh impersonator account with a valid NIP 05 from nostrplebs and all the same profile data. I didn't bother to clone my notes or create a bunch of sock puppet followers, but that could easily be done, and would improve the resemblance.
Coracle:
Pretty good if I do say so myself. Social trust is shown in two separate ways: web of trust indicator and followers tab (although followers is not complete or sybil resistant).
0xchat:
Exactly the same, other than NIP 05 address, which I don't consider any sort of validation at all. This is a classic phishing maneuver, and recently allowed nostr:nprofile1qyfhwumn8ghj7am0wsh82arcduhx7mn99uqjzamnwvaz7tmjv4kxz7fwwd5xzamw09jkzem9wghxxmmd9a5kucn00qqjqamnwvaz7tmjv4kxz7fwwd5xzamw09jkzem9wghxxmmd9a3ksct5qy38wumn8ghj7un9d3shjtnndpshwmnev4skwetj9e3k7mf0da6hgcn00qqjxamnwvaz7tmjv4kxz7fwwd5xzamw09jkzem9wghxxmmd9ac8y6tkv96x2qpqclk6vc9xhjp8q5cws262wuf2eh4zuvwupft03hy4ttqqnm7e0jrqlg4lcf's impersonator to trick some people.
Yakihonne:
Some social indicators are shown, but are not sybil resistant. They're also down the page a bit, and might not be noticed by users.
Jumble:
No social proof indicated at all — the tabs at the bottom can easily be faked by the impersonator.
Nostter:
No social proof, and failed to validate the NIP 05 for the real user.
Nostrudel:
Nostrudel does something original in showing the public key color. But how often are you going to memorize a user's color? I'd argue this is even worse than nothing because it obscures the NIP 05, which _might_ tip you off.
Iris:
Iris shows wot-vetted "known followers", which is good. In other places, a wot-based check mark is shown next to user avatars. This should probably be added to the profile page too, but still, pretty good.
Amethyst:
Amethyst shows some social proof, but it's hard to tell exactly what those profile pictures mean.
Primal:
Like yakihonne, social proof is visible, but not sybil-resistant.
Let's take a look at search now. Some clients do a much better job at this, some do a MUCH worse job.
Coracle:
WOT indicators, correct sorting, complete results. Arguably, the impersonators should be filtered out entirely, but I personally prefer to have them included.
Jumble:
Same thing, minus WOT indicators. Not bad.
Nostrudel:
It's a pass, but I'm not sure if duplicates are filtered out on purpose or not. The check marks indicate NIP 05 validation, not wot validation.
Yakihonne:
Only shows the legit version, along with a badge (I'm unsure if it's NIP 05 or something else). Pretty good.
Iris:
Very limited results, WOT-based check, pretty good.
Primal:
Eliminates impersonators, show follower count, pretty good (though not sybil resistant in all cases).
The winners are Iris and Coracle for web of trust indicators, and Primal and Yakihonne in the "global view of the network" category. I'd love to see this get better though, and not just because I am now famous enough to have an impersonator. WOT calculations are low-hanging fruit, especially with the vertex DVM by nostr:nprofile1qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qyt8wumn8ghj7ct4w35zumn0wd68yvfwvdhk6tcpzemhxue69uhk6mr9dd6juun9v9k8jtnvdakz7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3wamnwvaz7tmjv4kxz7fwdehhxarj9e3xzmny9uqzpa5rapcrtaadfazwpwvvl0v4xlskg4df9nfcem7yevcaka2h7hhjm9zju5 around. Getting this right is a core value proposition of nostr and is worth the effort.
Client devs, if you don't want to reinvent the wheel when it comes to something so crucial as protecting your users from impersonators, you can just use nostr:nprofile1qqstq4j6pk2sgaupru6l7ah9nq0dueafq356jllwcy7uzlek9yx7hlspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshsnpjku2 DVM's.
WoT then becomes as simple as publishing an event.
To see how it would work, you can check npub.world. Just keep in mind that it will become even faster after the refactor is complete.
No need to commit straight away, you can test it for free. Learn how at vertexlab.io
(thanks Jon for the shout-out)
Finding your work in en public and still working without any issues (after +15 years) is very unique feeling of pride. This is an application (webtechnology wrapped in a Adobe AIR runtime) which you can operate with a touchscreen mediaplayer (common specific touch gestures were concepts we didn't know yet).
https://shares.sebastix.dev/SJyOj0dE.mp4
Back in 2010:
I even had the honour to met our king (who was still the crown price at that moment) who opened the exposition of which this application was part of.
https://youtu.be/pqi8tea8ngg?&t=69 (Dutch)
I feel old now 😆
wow man, that's really impressive to think about.
Now that I've setup haven, I just found rely from nostr:npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup:
https://github.com/pippellia-btc/rely — I have no clue what I am doing with Nostr
it's a good thing to have multiple implementations.
Haven is based on khatru (a framework) and I imagine offers a complete experience out of the box.
rely is a framework like khatru, overall simpler, less features and "tighter"
it's not fully ironed out, but a great starting point is apps using nostr:nprofile1qqstq4j6pk2sgaupru6l7ah9nq0dueafq356jllwcy7uzlek9yx7hlspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshs4kprv3, a web of trust as a service.
> You are true, but this solution could avoid the network
I don't think this is a network problem. Different apps/clients/relays will use different filters for prevent abuse. Some will be more welcoming, others more restrictive.
> Firsts day/weeks action of the spammer that will determine if he is annoying...
Don't think this works. If you give the benefit of the doubt to new users, spammers will have it as well, which means they'll consume resources and then after one week they'll generate a new key and start again. There is an asymmetry in their favour, which is bad.
Thanks for this convo, lots of ideas
Yo, I need someone to volunteer to help me test all aspects of coop (https://github.com/lumehq/coop). I want to move to a stable release this month, but there's still a lot of work that needs to be done 🥲.
you got this
This is the difference between real-time data and cached data.
The latter is always a step behind.
nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0 is using nostr:nprofile1qqstq4j6pk2sgaupru6l7ah9nq0dueafq356jllwcy7uzlek9yx7hlspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshsnpjku2 to verify the reputation of app developers, minimising the risk of impersonations.
As for amethyst, wen Vertex nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqppemhxue69uhkummn9ekx7mp0qyghwumn8ghj7mn0wd68ytnhd9hx2tc42aswu 🤪
pretty brutal yes. There are ~300k reputable pubkeys in total
If you are interested nostr:nprofile1q9n8wumn8ghj7enfd36x2u3wdehhxarj9emkjmn99ah8qatzx9e85eeexeax5ctkvashgumcx43ksvnkwe68zdrpw3shgmrex4e8verhw9nk5upsw468sae5x4ax27nwweuhzenyddu8veflvfex7ctyvdshxapaw3e82egpzemhxue69uhkjmnzdauzumn0wd68ytnhd9hx2qpqrzg96zjavgatsx5ch2vvtq4atatly5rvdwqgjp0utxw45zeznvyqxp5czt I can point to you where that is in the code
just found this note. You can use pagerank-powered search at https://npub.world/
It's not an API, but a search DVM. In practice you use them the same.
vertexlab.io
If you want to see it in practice, you can go to npub.world