Oddbean new post about login | logout @hzrd149 nostrudel trying to sign DM with 'null' in tags: {\"kind\":4,\"content\":\"vckekw0ADZhsRYcA/5Iv90sZw7rcvBySa2u6NG7FwbontwKcLKOrYGB5uTLPLqkMKImQqDiDHCLOl6E3YltJj3h5CTPmGC3y2e/pXhZgmID5Pdl4omf/hbcHaCuYG5N15NXLO7Wtg3yrQsefg5Xd9bMT5ZA6FwGzkvGLhCjKTn8Iz2IAwpqb2p6zbSCB166WGtEIM5rBVPTFfSTQMDtvxg==?iv=bxUEv6Zu4kVK7sNfAoaKWA==\",\"tags\":[[\"p\",\"5144fe88ff4253c6408ee89ce7fae6f501d84599bc5bd14014d08e489587d5af\",null]],\"created_at\":1710307709,\"pubkey\":\"3356de61b39647931ce8b2140b2bab837e0810c0ef515bbe92de0248040b8bdd\"}"]
Agh typescript failed me....
#golang only
Found and fixed the bug (I think). looks like it was getting "undefined" when it was adding "p" tag relay hints. and then JSON.stringify converted that to null Fix should be in next.nostrudel.ninja
my daily driver, God bless you wen NIP-42 tho
I'm not sure, I've got an idea of how I'm going to do it but I need to find a good UI for prompting the user to sign the auth requests. I want it to prompt the user to "Auth once", "Always", "Not this time", "Never" and maybe for a specific number of days. I don't like the trend of nostr clients signing auth events without asking the user
Nsec.app will be asking this for nip42 events so just encourage people to use remote signing and problem solved
remote signing is a bad idea, but it can be made local, with a reverse proxy and wireguard VPN and running a local NIP-46 bunker but that's a pretty big obstacle for noobs to jump over, the flow needs to account for this, this is partly why alby is becoming de facto signing device for nostr web apps, and they locked that down to invite only, so this is a big onboarding problem how do you encourage new users to use paid relays if none of the clients actually support the proper auth flow???? relay devs and relay providers are stuck behind the fence that nobody is building a gate in, still, 1 year later since the spec was made
Why is remote signing a bad idea?
because your nsec is far away from you
the only way i can see it working is if the remote service you connect to via wireguard and your bunker is running on your machine listening on your wireguard address... then the key is in your possession on your computer and not copied to another machine there might be other ways to make a tunnel, but i know i can do it this way with wireguard already, it is very easy, i run my relay this way and it makes it internet accessible, i can even put all kinds of subdomains to point at any number of web servers i want to run
i could probably even set up a service that deploys all this automatically and all you have to do is install one program which opens the wireguard tunnel and signs for you, on your own device... could easily be made for all platforms too, it's a very small thing would be a combination VPN/bunker service, so you get VPN protection in the deal
alby already handles this and it works, sorta, on coracle authing is one thing that shouldn't force you to interact every time, you are in, until you are out, almost everything else can be though... alby does distinguish many things, and it definitely separates signing auth challenge events from any other type of event
also, yeah, this is part of the problem with the whole client ecosystem altogether... nobody seems to know what to do and they do nothing at all, not pointing fingers specifically but the lack of implementation of NIP-42 means the gate to paid relays and chatbots are both quite closed and most of the relays don't process it properly either! pretty sure you have to write a custom plugin for strfry and the rust relay not heard anything about it supporting this feature, even though it seems to be the most popular