@Nuh
Working on https://mlkut.org, designer and maintener of https://pkarr.org.
https://nuh.dev
Relays (3)
- wss://purplepag.es/ – read & write
- wss://relay.damus.io/ – read & write
- wss://relay.primal.net/ – read & write
Recent Notes
What's the case against signed (JSON) events?
I can talk about JSON being awful in serialisation or deserialisation and has no canonical encoding on its own and actually not all languages encode it the same way to tha point that Farcaster specs say stuff like hey make sure to encode it like Ecmascript does because Python might do different.
But what I care about more is that Nostr events are named correctly they are events, they can't be the fundamental form of storage, they are at best useful for broadcasting links with timestamps and small content or metadata...
But the web is not just events, the web is files at the end of the day, so a protocol trying to engage with the web should also describe files hosting and access control etc... but Nostr enthusiasts like ActivityPub enthusiasts usually either ignore that aspect or start thinking absurd stuff like how to make a filesystem out of these events... Like NOoo, you make filesystems from filesystems, and you publish announcements and links about these files into aggregators if you must in JSON or whatever.
It is basically like if Tim Berner Lee said what if we create a filesystem out of HTML... No, you embed links to files in HTML, but the filesystem, its access control and identity, all of these are separate hard problems.
Finally, signed JSON is really forcing the assumption that identity is a bare key pair. It doesn't work as well if you want more complex and more useful PKI and identity system that works for both good custody UX but also good delegation and even transfer (think organisations and companies)... Ok if you need to do that, then the YOLO of signed JSON no longer works, and the hack week mentality of building a web app easily, is actually masking the sacrifices in important capabilities, but that doesn't prevent people from calling other protocols that don't YOLO with signed JSONs overly complicated.
I think the overlap between Bitcoiners and Nostr fans is important to mention here, the puritan mindless slogans like not your keys not your coins without any considerations to realities like people need to own stuff that can't be stolen from them with $5 wrench attacks, transfer to Nostr where anyone complaining about lack of delegation or advance yet standard key management and recovery, is faced with variations of have fun staying poor but for social media :)
So it is not really that signed JSON are a deal breaker, but they are usually thought ending
But what I care about more is that Nostr events are named correctly they are events, they can't be the fundamental form of storage, they are at best useful for broadcasting links with timestamps and small content or metadata...
But the web is not just events, the web is files at the end of the day, so a protocol trying to engage with the web should also describe files hosting and access control etc... but Nostr enthusiasts like ActivityPub enthusiasts usually either ignore that aspect or start thinking absurd stuff like how to make a filesystem out of these events... Like NOoo, you make filesystems from filesystems, and you publish announcements and links about these files into aggregators if you must in JSON or whatever.
It is basically like if Tim Berner Lee said what if we create a filesystem out of HTML... No, you embed links to files in HTML, but the filesystem, its access control and identity, all of these are separate hard problems.
Finally, signed JSON is really forcing the assumption that identity is a bare key pair. It doesn't work as well if you want more complex and more useful PKI and identity system that works for both good custody UX but also good delegation and even transfer (think organisations and companies)... Ok if you need to do that, then the YOLO of signed JSON no longer works, and the hack week mentality of building a web app easily, is actually masking the sacrifices in important capabilities, but that doesn't prevent people from calling other protocols that don't YOLO with signed JSONs overly complicated.
I think the overlap between Bitcoiners and Nostr fans is important to mention here, the puritan mindless slogans like not your keys not your coins without any considerations to realities like people need to own stuff that can't be stolen from them with $5 wrench attacks, transfer to Nostr where anyone complaining about lack of delegation or advance yet standard key management and recovery, is faced with variations of have fun staying poor but for social media :)
So it is not really that signed JSON are a deal breaker, but they are usually thought ending
1
I really hope this experiment is well documented so we don't keep reinventing HTTP APIs once every generation.
If you want experimenting we already know how to do that; Everything is a file! Create a data store, and let everyone write whatever they want and parse it as they wish, the catch is that you HAVE to deal with access control, otherwise servers will have to make up their own filters, and if you encrypt data then servers are just going to filter out all of that. you have to have owners of data repositories, you can't avoid this.
If you want experimenting we already know how to do that; Everything is a file! Create a data store, and let everyone write whatever they want and parse it as they wish, the catch is that you HAVE to deal with access control, otherwise servers will have to make up their own filters, and if you encrypt data then servers are just going to filter out all of that. you have to have owners of data repositories, you can't avoid this.
Nostr would be much stronger with a feature that lets me encrypt notes so only trusted people can decrypt them, with those notes appearing naturally in the feed of approved mutual followers.
That fee...
I understand your UX requirements, but when I say a group chat I am talking about the actual access control burden where everyone needs to share secrets with everyone which is usually the reason Signal groups can't be large, I used that to make it clear how small Nostr is.
But once you have the access control figured, you can figure out the UX so it is not a linear feed and that you can post in separate channels. In fact that is how stuff like Discord or similar workspaces work. There is also threads, or topics or channels or whatever. Filtering and organisation is the easy part. The hard part is scale and for privacy of course access control.
But once you have the access control figured, you can figure out the UX so it is not a linear feed and that you can post in separate channels. In fact that is how stuff like Discord or similar workspaces work. There is also threads, or topics or channels or whatever. Filtering and organisation is the easy part. The hard part is scale and for privacy of course access control.
Damn ... Remember you can scale group chats with all yo all encryption key sharing up to many hundreds or a thousand. That is basically fitting Nostr users in a handful of Signal chat groups for analogy!
5
New theory, Jack is moving away from Nostr because Cash App is perfectly poised to become an Everything App
Are there any signs of such moving away? Or are you predicting that he won't be able to resist the opportunity?
I don't like moderation by hosting providers and I think Bluesky understood this and did a better job than Mastodon at separation of concerns and allowing people to opt in feeds without a veto from their hosts. But this insane crusade against any kind of moderation and any kind of filtering is childish. You are not entitled to people attention. They have the right to ignore your ass.
This is a manipulatively framed question. Mastodon, today, claims to be decentralized. It explicitly says “decentralized social media platform.” In actuality, Mastodon is extremely centralized (do...
You are out of your mind man. People are free to do whatever they want including forming trusted private communities that discriminate against others that they don't like to associate with. Is there anything more stupid than talking like a libertarian while bitching about people's freedom of association?
2
it would just be nostr with a well defined outbox model, so it wouldn’t be bad
I disagree, Nostr is too tightly coupled with Websockets and signed JSON etc.. so it won't be Nostr, it would be ActivityPub/Email with better Identity solutions.
But I appreciate that you are one of the Nostr Devs that are actually reasonable about architecture and not dogmatic about it.
But I appreciate that you are one of the Nostr Devs that are actually reasonable about architecture and not dogmatic about it.
2
running a mastodon node was absolutely retarded. I tried to build my own activitypub node and failed because the protocol was so bad. Then I realized everyone would need to run a node to gain sovereig...
Would you say the same about Email servers if they had sovereign Identity (regardless of how is that identity sovereign)? Would you say the same about Nostr image hosting solutions? I know ActivityPub is not a perfect protocol, but just assume the identity wasn't tied to the server, would that be so bad?
2
well that's great! Sounds like Nostr is in no danger of shutdown because billionaires aren’t going to give millions to keep relays online, in complete contrast to the FUD from censorious Mastodon/Ac...
This is ignoring the scale. Nostr isn't as big as Mastodon let alone Bluesky. But yes it is good news regardless.