Damus
Byzantine
@Byzantine

even the byzantine empire fell

Relays (7)
  • wss://filter.nostr.wine/npub1t5wc8h37uhkau9tsw82sjxndq04d3n8p634utpdfvs4tm5xmt2sqgk6dke?broadcast=true – read & write
  • wss://purplepag.es/ – read & write
  • wss://nostr.wine/ – read & write
  • wss://relay.nostr.band/ – read & write
  • wss://filter.nostr.wine/ – read & write
  • wss://cellar.nostr.wine/ – read & write
  • wss://premium.primal.net/ – read & write

Recent Notes

mIX · 3d
I thought they added relay searching months ago? I was able to search primal at one point.
j · 3d
😥 miss nostr.band
Byzantine
THREE DUMB ROUTERS TOPOLOGY
(Y-Configuration for Network Isolation)

                           INTERNET
                               |
                               |
                         [ROOT ROUTER]
                          192.168.0.1
                     (No WiFi, No devices)
                               |
             +-----------------+-----------------+
             |                                   |
        LAN Port 1                          LAN Port 2
             |                                   |
             |                                   |
        [WAN Port]                          [WAN Port]
      [SECURE ROUTER]                      [IoT ROUTER]
        192.168.1.1                         192.168.2.1
        NAT Enabled                         NAT Enabled
             |                                   |
             |                                   |
      +------+------+                    +-------+-------+
      |             |                    |               |
   [PC-1]        [PC-2]             [Minecraft]    [Smart Bulb]
192.168.1.10  192.168.1.11         192.168.2.10    192.168.2.11


KEY DETAILS:
═══════════════════════════════════════════════════════════════════

Root Router (The "Stem" of the Y)
├── WAN: Connected to Modem/Internet
├── LAN IP: 192.168.0.1 (or any base subnet)
├── DHCP: Can be disabled or only serve the two routers
└── IMPORTANT: No devices should connect directly here (no WiFi)

Secure Router (Left Branch)
├── WAN: Connected to Root Router LAN (gets IP like 192.168.0.2)
├── LAN IP: 192.168.1.1 (Different subnet!)
├── DHCP: Enabled (192.168.1.100-200)
└── Devices: PCs, Laptops, Phones, NAS (Your trusted devices)

IoT/Insecure Router (Right Branch)
├── WAN: Connected to Root Router LAN (gets IP like 192.168.0.3)
├── LAN IP: 192.168.2.1 (Different subnet!)
├── DHCP: Enabled (192.168.2.100-200)
└── Devices: Minecraft server, Smart home devices, Untrusted IoT

ISOLATION MECHANISM:
═══════════════════════════════════════════════════════════════════

Traffic Flow:
• Secure PC → Secure Router → Root Router → Internet ✓
• IoT Device → IoT Router → Root Router → Internet ✓
• Secure PC → IoT Router → BLOCKED (Different subnet, behind NAT)
• IoT Device → Secure Router → BLOCKED (ARP broadcasts don't cross routers)

Why This Works:
1. Routers block Ethernet broadcasts (ARP cannot traverse)
2. Each network is its own "broadcast domain"
3. Double NAT prevents IP scanning between networks
4. Compromised IoT device cannot use traceroute to find Secure network
(Only sees: IoT Router → Root Router → Internet)

Configuration Checklist:
□ All three routers have different LAN subnets (e.g., 0.x, 1.x, 2.x)
□ Secondary routers connect via WAN ports (not LAN ports)
□ No "Bridge Mode" or "Access Point Mode" on secondary routers
□ Root router ideally has WiFi disabled (or use as guest network only)
□ UPnP disabled on Root Router (prevents IoT from opening ports inward)
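
Added example (not part of the original note): a small Python check that runs the configuration checklist above against a description of the three routers. The dictionary field names and the /24 prefix lengths are assumptions; the note gives only the router IP addresses.

```python
import ipaddress
from itertools import combinations

# Constructed sample mirroring the note's addresses. Field names and the /24
# prefix lengths are assumptions; the note gives only the router IPs.
GOOD = {
    "root":   {"lan": "192.168.0.0/24", "wifi": False, "upnp": False},
    "secure": {"lan": "192.168.1.0/24", "wan_ip": "192.168.0.2",
               "uplink_port": "wan", "mode": "router"},
    "iot":    {"lan": "192.168.2.0/24", "wan_ip": "192.168.0.3",
               "uplink_port": "wan", "mode": "router"},
}

def check_topology(topo):
    """Return a list of checklist violations (empty list means all items pass)."""
    findings = []
    nets = {name: ipaddress.ip_network(r["lan"]) for name, r in topo.items()}
    # Item 1: every router must use a distinct, non-overlapping LAN subnet.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"subnet-overlap:{a}/{b}")
    for name, r in topo.items():
        if name == "root":
            continue
        # Item 2: the uplink to the root router must be the WAN port.
        if r.get("uplink_port") != "wan":
            findings.append(f"uplink-not-wan:{name}")
        # Item 3: bridge or access-point mode removes the NAT boundary.
        if r.get("mode") != "router":
            findings.append(f"not-routing:{name}")
        # The WAN address should come from the root router's LAN.
        if ipaddress.ip_address(r["wan_ip"]) not in nets["root"]:
            findings.append(f"wan-outside-root-lan:{name}")
    # Items 4 and 5: root router WiFi and UPnP should be off.
    if topo["root"].get("wifi"):
        findings.append("root-wifi-enabled")
    if topo["root"].get("upnp"):
        findings.append("root-upnp-enabled")
    return findings

# Constructed misconfiguration: the IoT router reuses the secure subnet, runs
# in access-point mode off a LAN port, and the root router has UPnP on.
BAD = {
    "root": {**GOOD["root"], "upnp": True},
    "secure": GOOD["secure"],
    "iot": {**GOOD["iot"], "lan": "192.168.1.0/24",
            "uplink_port": "lan", "mode": "access_point"},
}

if __name__ == "__main__":
    print("good:", check_topology(GOOD))
    print("bad: ", check_topology(BAD))
```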
papaslag · 4d
Appreciate that, I’ve never used those tools so just wanted to confirm I was thinking of them the same way
Brad Mills · 5d
What’s wrong with him seeing that stuff - someone could hack him?
Byzantine
simple way to isolate your clawbot that you host at home:

1. buy a glinet gateway
2. plug wan into local network
3. plug clawbot box into lan on glinet gateway
3. on glinet gateway, enable tailscale
4. disable local network access on glinet

via tailscale menu on glinet:
5. enable alternative route to 192.168.8.1
6. on other computer connect to tailscale via tailscale app
7. navigate to ip of the clawbot box via ip (192.168.8.xxx)
8
Brad Mills · 5d
Why do this
papaslag · 5d
Could you just put your clawbot box on an isolated vlan from the rest of your network?
Byzantine
in a year or less I predict most communication channels will be flooded by LLM generated content and the only way to get through will be a zapped message. all of the free messages will be ignored.
4
mleku · 1w
or, you know, like... paid relays, whitelists, web of trust filtering. anyway, haha. yeah, the centralized systems are definitely going to be completely slathered in AI slop. good. they already started KYCing everyone anyway, and with AI generated noise, people might decide they would rather touch...