 Check out the recent nprofile1qqsdluwc0qu62t3el7nxl93387gmppe56jkvm88vcuwh3lpw4fcevwsc4as3x in which I interview nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qghwaehxw309a3xjarrda5kuetj9eek7cmfv9kz7qg6waehxw309ajxzumg9ekk7cmtd9hxw7t0w5hxxmmd9uq3samnwvaz7tmwdaehgu3wdpjkc6t0v3jhstnrvchszxnhwden5te0wpskjepwdehhxarjd9nxjety9ehhyee0qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uq3wamnwvaz7tmjv4kxz7fwwpexjmtpdshxuet59uqzpycvemcjxuka9utq2l8u2ncdhk2rxhvt2x6wyumjx6cqe2m33lxe890qdt of Pubky/PKARR/Synonym fame. I really enjoy talking to developers from other protocols. There's lots we can learn from each other. 

Listen here: https://fountain.fm/episode/HXQpcOdQU9Tnxa9BQO2v 
 super interesting! 👍 
 Listened to it today.
Can recommend!
If only I could be so humbly and unassumingly curious about other people as you are. Always a pleasure to listen.
About the content: I would not say I understood everything lest the consequences of protocol design decisions.
So even though I have my opinions I rely on intuition how people approach things and communicate and behave themselves. This intuition has not failed me when I went bitcoin-only from the start.
Top Devs on nostr are not amazing simply because they are great devs but because they seem like people with depth and strong values. Character. That is at least half the reason why I keep believing in nostr's success. 
 Good time to know more about Pkarr/Pubky 

While you are at it, check HTTPS (TLS) for Pkarr domains, and check the example code to see how easy it is and how little changes to the web you know and love it would be:

```
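# Fetch the Pkarr sources and switch to the TLS feature branch
git clone https://github.com/pubky/pkarr.git
cd pkarr
git checkout feat/tls

# Run the bundled example against a Pkarr domain over HTTPS
cargo run --example http-get https://1mowhqorea6ioiietpu5ixngrit3wxrpxmkmduprycbxh8cwxjmo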
```

nostr:note17dfqt7tc6w8e0068u6mhfakerpskjgcvjnpgpueskcv9s9nx5spsdxh878 
 One question for nostr:nprofile1qythwumn8ghj7cnfw33k76twv4ezuum0vd5kzmp0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qyd8wumn8ghj7erpwd5zumt0vd4kjmn809hh2tnrdakj7qgcwaehxw309ahx7um5wghxsetvd9hkgetc9e3kvtcprfmhxue69uhhqctfvshxummnw3exjenfv4jzummjvuhsqgynpn80zgmjm5h3vptul320pk7egv6a3dgmfcnnwgmtqr9twx8umyel8dkf  : what is the problem of having a small DHT? If the BitTorrent DHT works super well as you say, why wouldn't it work if it was exactly the same, but smaller (with just Nostr clients) and done with secp256k1? 
 hyperdht is smaller and has additional benefits
1. used by keet and pear runtime
2. protects against eclipse attack
3. has best in industry holepunching built in

pear runtime as dat started out with bittorrent mainline dht too, but moved on because of issues related to holepunching and eclipse attacks that can't be fixed in bittorrent mainline, because it would be a breaking change and bittorrent mainline is too widely distributed.

the scale of mainline is much less helpful when it comes to eclipse attacks and smaller size is sometimes as secure because of the additional sybil eclipse attack protection.

anyway - would recommend to talk to the pear runtime team at holepunch.

hyperdht is the most advanced and modern dht i am aware of and would definitely recommend 🙂 
 At the extreme a small DHT can be thought of as a list of relays but worse because you allow anyone to join that list dynamically and without permission. So all it takes to disrupt that list is to: 
1. create many more sybil nodes than honest ones 
2. spam/DDoS the honest nodes to make them less responsive

and probably an attacker will try both for maximum effect.

a small DHT has less capacity than a large one all things being equal, the effect of churn is much more disruptive, but more importantly much more vulnerable.

You say a DHT of Nostr clients, but that needs using upnp or asking users to manually open ports, otherwise clients are useless and only dedicated servers can count. Bittorrent provides a robust and proven supply of nodes willing to do that, because it had its product market fit and there is no sign of that fading away.

If you think the risk of hardcoded relays not being enough (relays get abandoned, or overwhelmed, or censored) is low, then you should favor that over a small DHT. 
 a large DHT without eclipse attack protection can be worse than a smaller DHT with eclipse attack protection.
Without it, an attacker can occupy a specific area of the DHT with relatively few sock puppet nodes. With the protection they can't attack specific areas and need to just spam the entire DHT nodes to eventually attack the DHT keys they are interested in.

Also, if every DHT node supported holepunching and assisted new nodes with holepunching as well, things become a lot more useful.

The sybil attack mitigation and the assisted distributed holepunching are both supported by hyperdht which the pear and bare runtime use.

Would be cool to bundle it with a nostr node.

If all nostr nodes supported it, it would improve the resistance against the sybil attacks by an order of magnitude more than with other DHTs like bittorrent mainline
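
The two arguments in the replies above (sybils occupying one area of the keyspace versus having to outnumber the whole network, and why a small DHT is easier to outnumber), as an added simulation that is not code from hyperdht, pkarr or any poster. It assumes a toy 64-bit XOR keyspace with K = 20, and models "eclipse protection" simply as node IDs being bound to the node's address so that they land at random positions; `IdPolicy`, `sybils_in_closest` and `mean_share` are names made up for this sketch.

```rust
// Added illustration: 64-bit IDs stand in for real 160/256-bit DHT node IDs.
const K: usize = 20; // a lookup ends at the K nodes closest to the target key

struct Rng(u64); // SplitMix64: tiny deterministic PRNG, keeps runs reproducible
impl Rng {
    fn next(&mut self) -> u64 {
        self.0 = self.0.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.0;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }
}

#[derive(Clone, Copy)]
enum IdPolicy { FreeChoice, BoundToAddress }

/// How many of the K nodes closest (XOR metric) to a random key are sybils.
fn sybils_in_closest(honest: usize, sybils: usize, policy: IdPolicy, seed: u64) -> usize {
    let mut rng = Rng(seed);
    let target = rng.next();
    let mut nodes: Vec<(u64, bool)> = (0..honest).map(|_| (rng.next(), false)).collect();
    for i in 0..sybils {
        let id = match policy {
            // No ID restriction: sybil IDs sit right next to the key.
            IdPolicy::FreeChoice => target ^ (i as u64 + 1),
            // Assumed rule: ID derived from the node's address, so its position is random.
            IdPolicy::BoundToAddress => rng.next(),
        };
        nodes.push((id, true));
    }
    nodes.sort_by_key(|&(id, _)| id ^ target);
    nodes.iter().take(K).filter(|n| n.1).count()
}

/// Mean sybil share of the closest set over `trials` independent keys.
fn mean_share(honest: usize, sybils: usize, policy: IdPolicy, trials: u64) -> f64 {
    let hits: usize = (1..=trials).map(|s| sybils_in_closest(honest, sybils, policy, s)).sum();
    hits as f64 / (trials as usize * K) as f64
}

fn main() {
    for (honest, sybils) in [(10_000, 20), (10_000, 2_000), (100, 2_000)] {
        let free = mean_share(honest, sybils, IdPolicy::FreeChoice, 50);
        let bound = mean_share(honest, sybils, IdPolicy::BoundToAddress, 50);
        println!("honest={:>6} sybils={:>5} free={:.2} bound={:.2}", honest, sybils, free, bound);
    }
}
```

With free ID choice, 20 sybils hold the entire closest set even among 10,000 honest nodes; with bound IDs the sybil share tracks the sybil fraction of the whole network, which is what makes the 100-node case fall while the 10,000-node case holds.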