Niel Liesmons
· 1d
What's the case against signed (JSON) events?
I can talk about JSON being awful in serialisation or deserialisation, and how it has no canonical encoding on its own, and actually not all languages encode it the same way, to the point that Farcaster specs say stuff like "hey, make sure to encode it like ECMAScript does, because Python might do it differently".
But what I care about more is that Nostr events are named correctly: they are events. They can't be the fundamental form of storage; they are at best useful for broadcasting links with timestamps and small content or metadata...
But the web is not just events, the web is files at the end of the day, so a protocol trying to engage with the web should also describe file hosting and access control etc... but Nostr enthusiasts, like ActivityPub enthusiasts, usually either ignore that aspect or start thinking absurd stuff like how to make a filesystem out of these events... Like NOoo, you make filesystems from filesystems, and you publish announcements and links about these files into aggregators, if you must, in JSON or whatever.
It is basically like if Tim Berners-Lee said "what if we create a filesystem out of HTML"... No, you embed links to files in HTML, but the filesystem, its access control and identity, all of these are separate hard problems.
Finally, signed JSON is really forcing the assumption that identity is a bare key pair. It doesn't work as well if you want a more complex and more useful PKI and identity system that works for both good custody UX but also good delegation and even transfer (think organisations and companies)... OK, if you need to do that, then the YOLO of signed JSON no longer works, and the hack week mentality of building a web app easily is actually masking the sacrifices in important capabilities, but that doesn't prevent people from calling other protocols that don't YOLO with signed JSONs overly complicated.
I think the overlap between Bitcoiners and Nostr fans is important to mention here: the puritan mindless slogans like "not your keys, not your coins", without any consideration of realities like people needing to own stuff that can't be stolen from them with $5 wrench attacks, transfer to Nostr, where anyone complaining about the lack of delegation or advanced yet standard key management and recovery is faced with variations of "have fun staying poor", but for social media :)
So it is not really that signed JSON is a deal breaker, but it is usually thought-ending.
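The reply's first point (JSON has no canonical encoding, so Python may not produce the bytes ECMAScript does) as an added example that is not part of the thread. The event fields are constructed, and `ecmascript_style` is a hypothetical helper that mirrors `JSON.stringify` only for the simple value types used here.

```python
import hashlib
import json

# Constructed sample event; the field names are illustrative, not from any spec.
EVENT = {"created_at": 1700000000.0, "kind": 1, "content": "café ☕"}

def python_default(obj):
    """Bytes produced by json.dumps with Python's default settings."""
    return json.dumps(obj).encode("utf-8")

def _js_numbers(value):
    """Turn integer-valued floats into ints, as JSON.stringify prints them (1.0 -> 1)."""
    if isinstance(value, float) and value.is_integer() and abs(value) < 2**53:
        return int(value)
    if isinstance(value, dict):
        return {k: _js_numbers(v) for k, v in value.items()}
    if isinstance(value, list):
        return [_js_numbers(v) for v in value]
    return value

def ecmascript_style(obj):
    """Bytes matching JSON.stringify for these value types: no whitespace,
    non-ASCII left unescaped, integer-valued numbers written without '.0'."""
    text = json.dumps(_js_numbers(obj), separators=(",", ":"), ensure_ascii=False)
    return text.encode("utf-8")

def digest(data):
    """SHA-256 of the serialized bytes; this is what a signature would cover."""
    return hashlib.sha256(data).hexdigest()

def signature_survives(signer_bytes, verifier_bytes):
    """A signature over the hash verifies only if both sides hash identical bytes."""
    return digest(signer_bytes) == digest(verifier_bytes)

if __name__ == "__main__":
    a, b = python_default(EVENT), ecmascript_style(EVENT)
    print(a.decode())  # spaces after separators, \u escapes, trailing .0
    print(b.decode())  # compact, raw UTF-8, integer timestamp
    print("same signed bytes:", signature_survives(a, b))
    # Parsing one encoding and re-serializing with the agreed rule restores the match.
    reparsed = json.loads(a)
    print("after re-encoding:", signature_survives(ecmascript_style(reparsed), b))
```

Both outputs parse to the same data, yet their hashes differ, so a verifier that re-encodes with a different library rejects a valid signature unless the spec pins one serialization.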