HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kdragon

no profile record

Submissions

Show HN: Secure end-to-end client sessions and API calls using crypto key pairs

github.com
9 points·by kdragon·4 वर्ष पहले·0 comments

Nostr is a stupid simple P2P protocol that works, built by builders

248 points·by kdragon·4 वर्ष पहले·128 comments

comments

kdragon
·2 वर्ष पहले·discuss
It's not that strange. People tend to use what is popular.

There are several implementations of core across various languages, not including custom forks of core.
kdragon
·3 वर्ष पहले·discuss
There was a section of IBM's quantum computing challenge that had you encrypt/decrypt logical qbits by transforming their phase state to a known degree. If the state was altered in-transit, than the inverse transform will not cancel out correctly.

the challenge also mentioned that for it to work in practice, the qbits themselves would have to be transported somehow.
kdragon
·3 वर्ष पहले·discuss
Plot twist: this entire shit-show was orchestrated by chatgpt while inside OpenAI's basement.
kdragon
·3 वर्ष पहले·discuss
> Austin was just a bunch of housed and employed people quietly dying because our government is anti-humanist.

Good lord.

It was a once in a century weather event. Austin and Texas in general celebrates a limited government. So you should take responsibility and prepare accordingly.

If you seriously feel like the city government is anti-humanist and out to get you, then maybe you should pack up and leave town immediately.
kdragon
·3 वर्ष पहले·discuss
> I haven't yet heard a rational explanation for just how badly ECDSA mangles the Schnorr protocol in exactly the way that means a lot of implementations end up with horrible security holes.

I thought schnorr was under patent for a bit, so an open alternative was needed? Also ECDSA does allow for recovery of the public key from the signature, which can be useful.
kdragon
·3 वर्ष पहले·discuss
nostr has an early NIP that talks about publishing timestamp commitments to the bitcoin blockchain, using the open timestamp protocol
kdragon
·3 वर्ष पहले·discuss
it's not that big a deal if you use a hosted wallet. There's quite a few options out there, like stacker.news or wallet of satoshi.
kdragon
·3 वर्ष पहले·discuss
You can use it as currency on stacker.news

You can tip people on the nostr protocol. stats are on zaplife.lol

you can tip musicians on wavlake

there's a Minecraft server called satlantis where it is used as a currency

there's a lot of plugins you can use to build your own lightning enabled apps on lnbits

the space is still young so a lot of software is beta, but there's plenty to play with

check out the plebdev course on udemy if you want to dive into lightning development
kdragon
·3 वर्ष पहले·discuss
TLDR:

- Create two keypairs.

- Use ECDH to derive a shared secret.

- Use secret to tweak pubkey of the recipient.

- Send money to the tweaked (and hashed) pubkey.

- Recipient has to keep an eye out for this tweaked key on the blockchain.
kdragon
·3 वर्ष पहले·discuss
Nostr partially addresses this in a few ways:

* Media itself is not stored, only links to media.

* Relays are free to limit usage, charge a fee or require proof of work.

* There are many kinds of messages with different storage standards i.e ephemeral messages are not stored at all.
kdragon
·4 वर्ष पहले·discuss
Gas fees are also a solution to the halting problem that comes with Ethereum's EVM (and its Turing completeness). So you are paying for space and computation.
kdragon
·4 वर्ष पहले·discuss
Guilty >_>

It feels nice when a protocol has its core devs on the same wavelength as application devs. That's the feeling I get with nostr.
kdragon
·4 वर्ष पहले·discuss
I was being a bit dramatic with my choice of words but you are absolutely right :-D
kdragon
·4 वर्ष पहले·discuss
So much FUD.

1) miners profit from energy surplus. They do not create new power plants. Nobody is firing up a new coal plant to mine bitcoin. That is absurd.

2) miners have incentives to find and use wasted energy. For ex, flare gas recycling. Which actually helps the environment.

3) miners can turn on/off at will, and produce energy loads on demand. Which means they balance out the energy grid. Especially from erratic energy sources like wind and solar. This is already being deployed in some states.

You are fighting on the wrong side buddy.
kdragon
·4 वर्ष पहले·discuss
They do with the extended key as it includes the chain code.
kdragon
·4 वर्ष पहले·discuss
My vote is for extended keys, something based off HD Wallets:

https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...

Easy rotation and recovery of individual keys, but you do have to protect your master seed.

Nostr also supports user verification through DNS hostnames.

https://github.com/nostr-protocol/nips/blob/master/05.md
kdragon
·4 वर्ष पहले·discuss
You can argue that it is not true P2P, since you rely on a public-facing intermediary.

A lot of p2p protocols cheat with relays, it is really hard to traverse nats otherwise.

Nostr can be used for peer discovery to bootstrap a direct p2p connection.

You could also use a client/relay hybrid application, similar to other p2p networks. That would be fun to build. :-)
kdragon
·4 वर्ष पहले·discuss
Yes this is the crux of any social media application. I don't know if there will ever be a perfect solution.

I like that nostr abstracts this problem away from the relays. Relays only focus on storing data and handling subscriptions. They can choose to censor and/or curate content if need be, but it's not their concern.

It's up to the client to come up with a solution, and that client can be a platform or a protocol of its own.

edit it also feels really great to work on that problem from the application layer. I can come up with a solution that isn't confined to the parent protocol.
kdragon
·4 वर्ष पहले·discuss
fixed >_<
kdragon
·4 वर्ष पहले·discuss
Great question! Relays aren't involved in curation or discovery, so it fall on the client.

You can request very broad subscriptions from relays! For example, here is a site that subscribes to everything, showing you a gods-eye view of events streaming into a relay:

https://nostr.info/relays

Events have different "kinds", so you can filter this based on the type of traffic you are looking for (like public posts or user profiles).

Platforms like damus.io are more user-friendly, and offer better tools for discovering users and content.

You can subscribe to a user's feed via their pubkey, so discovery methods typically revolve around learning pub keys.