hm that one is a hard one though... since the only way to verify source code is to hash the binary, and what is the process for how to sign the binary as it's running exactly

that's a good question... it's on my mind because i've been inspecting the CosmWasm architecture this last week and one of the things they have in there is a verification that ensures that a source code and a binary version are linked, this thing is a big issue in smart contract engineering - how to ensure that things are deterministic, and it kinda matters with source code too

there's a lot more to

but how exactly can you be sure a server is running the software version it says it is, and not some altered version?

you can't! at least not trivially
this question of identifying the software being run on the other side of a network connection is a bit of a difficult one and one that i can see there being problems with snooping tyrants enforcing software development licensure and preventing broad access to software that is either in-development or outlawed

uncle bob had a good speech on that one

and this train of thought has got me wondering

ultimately it doesn't matter, does it? right?

the relay has some database, doesn't mean it's the same as another relay, doesn't mean the same code is running, any protocol decision based on such things probably is doomed to be useless ultimately because you can probably not enforce this for real without an inordinate amount of resources spent because of the bazillion ways that it can probably be worked around

but... well, government...

this would be a sign of the latest stage of a technocratic system though, software licensing... it's been a theme in cyberpunk for decades

nostr:nevent1qvzqqqqqqypzqnyqqft6tz9g9pyaqjvp0s4a4tvcfvj6gkke7mddvmj86w68uwe0qqsg75la9mtrcy49fg9r9a8maae6nmjwuf752lq2y9xpe30gnq4glucjawvm3
there's too many moving parts to ever make it practical to certify what you are connecting to

Don't Trust, Verify

this is not just the mantra of #bitcoin but it is the mantra of the internet

we now have AIs that probably can produce reasonable fingerprints of server code that can be used as identifiers

they are not deterministic because the code is one thing, and the data is another, and the interplay between them can be unexpected and random

certificate chains on deterministically produced software can exist and have a purpose but they only are of use to those actually executing the code and gathering state in their application that interacts with that code, as well as the inputs from the outside

ultimately, it is a great black void you connect to, and everything that comes back from it is untrustworthy by default, unless you can verify it

nostr makes it so the users themselves create the authentication on their content

and after having dealt with the schemes of Bluesky and Farcaster, neither of which have a direct signature on events, i can say that the epic vulnerabilities this could create cannot be underestimated

if bluesky or farcaster ever have a large enough economy tied to them the profitability of violating their consensus system will be very high

you simply can't do that with nostr... all events are only authorized by the users, the data the relay handles is intrinsically untrustworthy, exactly the same as the relay software itself