I love your cover image so much! Is this actually a tattoo of yours? I have a list of things I want to incorporate into my tattoos and a shell forkbomb is one of them. I knew I couldn't have been the first person to think of getting that tattooed but I haven't seen anyone else do it before. So good to see. If this is yours do you have any other nerdy tattoos that you feel comfortable sharing? Of course I understand if you want to shield yourself from tattoo identification, mass surveillance is a bitch now days!!

At the moment it's kept rather simple as the domain "liberal.dev" is new and I haven't done anything with it yet. I bought it because my username everywhere is "curious.liberal" so I meant I could create a subdomain of "curious" and have "curious.liberal.dev" which I quite like. Cost an arm and a leg though! Consequently I've just spun up an Nginx container and changed some CORS policies. Note that the Nostr client I am using doesn't support composing NIP-23 (long form content that supports Markdown) and therefore the formatting will be a little iffy but I'll try my best to make things clear. I have listed the files and then provided an explanation below as to what they're doing and how they work. File structure: . ├── data │   ├── images │   │   ├── lightbulb-fish-small.jpg │   │   └── nostr-profile-picture.jpg │   ├── index.html │   └── nginx │   └── nginx.conf └── docker-compose.yaml ----------------------------------- docker-compose.yaml: services: nginx: image: nginx restart: unless-stopped container_name: liberal.dev volumes: - ./data/:/usr/share/nginx/html:ro - ./data/nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro networks: - tunnel networks: tunnel: external: true ----------------------------------- nginx.conf: server { listen 80; root /usr/share/nginx/html; location /.well-known/ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods "GET, OPTIONS"; } } ----------------------------------- .well-known/nostr.json { "names": { "curious": "6ac58c09492d9256c3a224168eaf5796aeac633cc8355d57ae927fecbda16926" } } ----------------------------------- So here you can see that the docker-compose file just spins up a simple nginx container which serves the .well-known/nostr.json file as https://liberal.dev/.well-known/nostr.json This file has my petname (curious) attributed to my Nostr public-key encoded as hexadecimal. When you search for "[email protected]" in a Nostr client it automatically looks for this nostr.json from my server and then grabs the public-key which it can use to find my profile. What's cool is you can also add a list of relays that you use in your nostr.json file which in theory guarantees that you'll be found. As for the nginx.conf that's just setting the CORS headers of everything in the .well-known directory to "*". This means that a client is able to look them up without complications. If you have questions on CORS feel free to ask and I'll happily elaborate. As for the networks section, it all goes through a Cloudflare tunnel which means that my server actually exposes ZERO ports!! The Cloudflare tunnel is a Docker container which runs on my server and is added to the docker network called "tunnel". Any other containers added to the "tunnel" network are accessible by Cloudflare. The Cloudflare container creates an OUTBOUND connection from my server to Cloudflare and keeps this connection open. Now the Cloudflare container on my server and Cloudflare can talk bidirectionally like a WebSocket. When Cloudflare get a request come in they send it to my docker container which queries the "liberal.dev" container running Nginx and then this is sent back to Cloudflare who then send it back to the requestee. What's great about this is that you never know where my server is (because you only ever connect to Cloudflare, not my server) and Cloudflare protect it from DDOS attacks. Conveniently Cloudflare will also cache that nostr.json file so my server will barely ever receive requests. Everything running on my machine is open source and Cloudflare does everything for free so I have no complaints. A client of mine experienced a substantial DDOS attack recently under a site I was hosting where bots were sending terrabytes of traffic towards the site in hope of overwhelming the server and shutting it down. Fortunately because it was in front of Cloudflare the server was completely unaffected. Without Cloudflare it would cost an astronomical amount of money to run the infrastructure necessary to fend off such an attack. I have glossed over lots of things here in an attempt to be informative whilst not patronising you if you happen to already know this stuff but feel free to ask me any questions if this is completely alien to you.

At the moment it's kept rather simple as the domain "liberal.dev" is new and I haven't done anything with it yet. I bought it because my username everywhere is "curious.liberal" so I meant I could create a subdomain of "curious" and have "curious.liberal.dev" which I quite like. Cost an arm and a leg though! Consequently I've just spun up an Nginx container and changed some CORS policies. Note that the Nostr client I am using doesn't support composing NIP-23 (long form content that supports Markdown) and therefore the formatting will be a little iffy but I'll try my best to make things clear. I have listed the files and then provided an explanation below as to what they're doing and how they work. File structure: . ├── data │   ├── images │   │   ├── lightbulb-fish-small.jpg │   │   └── nostr-profile-picture.jpg │   ├── index.html │   └── nginx │   └── nginx.conf └── docker-compose.yaml ----------------------------------- docker-compose.yaml: services: nginx: image: nginx restart: unless-stopped container_name: liberal.dev volumes: - ./data/:/usr/share/nginx/html:ro - ./data/nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro networks: - tunnel networks: tunnel: external: true ----------------------------------- nginx.conf: server { listen 80; root /usr/share/nginx/html; location /.well-known/ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods "GET, OPTIONS"; } } ----------------------------------- .well-known/nostr.json { "names": { "curious": "6ac58c09492d9256c3a224168eaf5796aeac633cc8355d57ae927fecbda16926" } } ----------------------------------- So here you can see that the docker-compose file just spins up a simple nginx container which serves the .well-known/nostr.json file as https://liberal.dev/.well-known/nostr.json This file has my petname (curious) attributed to my Nostr public-key encoded as hexadecimal. When you search for "[email protected]" in a Nostr client it automatically looks for this nostr.json from my server and then grabs the public-key which it can use to find my profile. What's cool is you can also add a list of relays that you use in your nostr.json file which in theory guarantees that you'll be found. As for the nginx.conf that's just setting the CORS headers of everything in the .well-known directory to "*". This means that a client is able to look them up without complications. If you have questions on CORS feel free to ask and I'll happily elaborate. As for the networks section, it all goes through a Cloudflare tunnel which means that my server actually exposes ZERO ports!! The Cloudflare tunnel is a Docker container which runs on my server and is added to the docker network called "tunnel". Any other containers added to the "tunnel" network are accessible by Cloudflare. The Cloudflare container creates an OUTBOUND connection from my server to Cloudflare and keeps this connection open. Now the Cloudflare container on my server and Cloudflare can talk bidirectionally like a WebSocket. When Cloudflare get a request come in they send it to my docker container which queries the "liberal.dev" container running Nginx and then this is sent back to Cloudflare who then send it back to the requestee. What's great about this is that you never know where my server is (because you only ever connect to Cloudflare, not my server) and Cloudflare protect it from DDOS attacks. Conveniently Cloudflare will also cache that nostr.json file so my server will barely ever receive requests. Everything running on my machine is open source and Cloudflare does everything for free so I have no complaints. A client of mine experienced a substantial DDOS attack recently under a site I was hosting where bots were sending terrabytes of traffic towards the site in hope of overwhelming the server and shutting it down. Fortunately because it was in front of Cloudflare the server was completely unaffected. Without Cloudflare it would cost an astronomical amount of money to run the infrastructure necessary to fend off such an attack. I have glossed over lots of things here in an attempt to be informative whilst not patronising you if you happen to already know this stuff but feel free to ask me any questions if this is completely alien to you.

I know my way around security, devops, linux and software development pretty well but I am very new to Nostr so meeting people like you is great as I am trying to build up my network. As some background though, I have however done extensive research on the protocol and made some basic relays and clients using Python; nothing feature rich of course but rather to consolidate my understanding. As a result I have an very thorough understanding of how Nostr works on a technical level along with all the different NIPS. I have some plans to improve upon Nostr to deal with compromised private keys, changing of keys, the sluggishness of many clients and much more so expect a whitepaper soon! In regards to the Docker stuff I'll leave that in another comment

This is very interesting, thank you!

Consider using Briar as this is a hybrid of Bitchat but it can also sync through TOR for long-distance communication: https://briarproject.org/how-it-works Back when I was at school there was barely any signal and communications were fragile. Being the nerd I am I got everybody to download Briar to communicate via P2P Bluetooth networks just like Bitchat. This was great but of course when we all went home we still wanted to talk. Fortunately Briar would then just route messages through the TOR network. It was perfect other than the fact iOS users couldn't use it and thus after a couple of weeks it all fell apart xD I haven't had a chance to look into Bitchat much but I don't believe it offers such functionality as of yet. I very much hope that it eventually integrates with TOR or Nostr to ensure long-distance communication remains possible like with Briar #briar #briarproject #messaging #bitchat #bitchchat #tor #grapheneos #activism #asknostr

Yes, allow me to explain why this likely happens and how to resolve it. I imagine you've found that in the outdoors with a clear line of site you're able to get a location however if you're indoors, or maybe in a car or something, then it's much harder and often won't work. This is because GrapheneOS using the GPS (global positioning system) to acquire your location. GPS is much slower and the signal often won't reach you unless there's a clear line of site with the satellites. Of course GPS was the old standard and although still widely used, it has been replaced by faster, more accurate systems now days. GPS works on the basis that there are a series of satellites orbiting the earth. They're all in different places. Each satellite broadcasts a signal, the GPS components on your device pick these signals up and work out the time different between when the signal was sent (this timestamp is included in the broadcasted data) and when it was received. Naturally you'll be closer to some satellites than others and thus the signals from the closer satellites will arrive ever so quickly than the ones further away. Software on your device then cleverly triangulates you based on these time differences. Voilà you have GPS. Apple and Google implement something called WiFi and Bluetooth scanning to determine location which essentially use the signal strength of the WiFi and Bluetooth devices/ networks around you to triangulate your position. This is quite accurate as they have a big database of devices and where they are situated. GrapheneOS disables WiFi and Bluetooth scanning by default, however they can be enabled in settings. Feel free to ask me about the security implications of this. Organic Maps is something I personally use but it is rather slow with GPS and does require patience unfortunately.

"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something" - Richard Stallman, founder of GNU and the Free Software Foundation #richardstallman #hellonostr #quoteoftheday #opensource #foss #friendship #nostr

I've setup a custom lightning network address and a Nostr verified address. It was so incredibly simple to do with Docker and took less than 2 minutes from start to finish. It's much prettier now! If anyone wants a hand let me know :)

Personally sending private keys to server just feels inherently wrong. Anyone controlling the server could sign on your behalf FOREVER and there's no way of changing or rotating private keys with Nostr. Of course there's nothing stopping any client such as Iris.to deploying some malicious JavaScript (unintentionally even) that steals everyone's private keys - therefore servers and upstream code do need to be monitored regardless. That said, we would know if Iris.to or another client was doing such things because we can see the client-side code; although it would likely be too late by then. Nevertheless if you send your private-key to the server then you have no way of knowing what they'll do with it, how they handle that piece of data, if their servers are compromised etc. I suppose this is one of the fragile things about Nostr's security model. A supply chain attack would hit really hard!! #security #cybersecurity #nostr #asknostr

Absolutely loving Nostr! What a great protocol. I do find it slightly slow though as my client has to do a lot of work. Does anybody know of any self-hostable intermediaries which handle all connections with Nostr relays and send a much lighter digest to the client? #asknostr #selfhosting #nostrrelay #nostrclient

I've just had a quick look and it appears at first glance that Bitchat does use Nostr with NIP-17 for when Bluetooth P2P connections are unavailable. Therefore I assume you would be able to reach people from kilometers away

I really like this idea! My only concern is that it the Nostr private key would need to be send to the server because there's no JavaScript to sign events client side. This is quite a serious security concern. A practical workaround of course would be to have a public instance of Nostr (like Iris.to) available via TOR without JavaScript and then an authenticated instance would require you to whitelist JavaScript for the site so it can sign events client side. In regards to performance performance and user-experience I would assume it would be similar to Dread; a very popular alternative to Reddit that runs over TOR. The only possible solution I can see without JavaScript running on the site is to have the server send the unsigned event in JSON to the browser for you copy and then you'd have to use an external piece of software such as browser extension or desktop app to sign the event which you can submit to the server. Of course if you're utilizing a plugin you could streamline this much better. The latter is light-years away from ideal though and wouldn't be widely adopted. If we want these technologies to be used then we need to reduce the barrier to entry. Of course these are my initial thoughts but if you have any solutions or criticisms then please let me know :)