Oddbean new post about | logout
mleku | 8 months ago (raw) | root | parent | reply | flag 
 my daily driver, God bless you

wen NIP-42 tho
hzrd149 | 8 months ago (raw) | root | parent | reply | flag 
 I'm not sure, I've got an idea of how I'm going to do it but I need to find a good UI for prompting the user to sign the auth requests.
I want it to prompt the user to "Auth once", "Always", "Not this time", "Never" and maybe for a specific number of days. I don't like the trend of nostr clients signing auth events without asking the user
brugeman | 8 months ago (raw) | root | parent | reply | flag 
 Nsec.app will be asking this for nip42 events so just encourage people to use remote signing and problem solved
mleku | 8 months ago (raw) | root | parent | reply | flag 
 remote signing is a bad idea, but it can be made local, with a reverse proxy and wireguard VPN and running a local NIP-46 bunker

but that's a pretty big obstacle for noobs to jump over, the flow needs to account for this, this is partly why alby is becoming de facto signing device for nostr web apps, and they locked that down to invite only, so this is a big onboarding problem

how do you encourage new users to use paid relays if none of the clients actually support the proper auth flow???? relay devs and relay providers are stuck behind the fence that nobody is building a gate in, still, 1 year later since the spec was made
brugeman | 8 months ago (raw) | root | parent | reply | flag 
 Why is remote signing a bad idea?
mleku | 8 months ago (raw) | root | parent | reply | flag 
 because your nsec is far away from you
mleku | 8 months ago (raw) | root | parent | reply | flag 
 the only way i can see it working is if the remote service you connect to via wireguard and your bunker is running on your machine listening on your wireguard address... then the key is in your possession on your computer and not copied to another machine

there might be other ways to make a tunnel, but i know i can do it this way with wireguard already, it is very easy, i run my relay this way and it makes it internet accessible, i can even put all kinds of subdomains to point at any number of web servers i want to run
mleku | 8 months ago (raw) | root | parent | reply | flag 
 i could probably even set up a service that deploys all this automatically and all you have to do is install one program which opens the wireguard tunnel and signs for you, on your own device... could easily be made for all platforms too, it's a very small thing

would be a combination VPN/bunker service, so you get VPN protection in the deal
brugeman | 8 months ago (raw) | root | parent | reply | flag 
 Nsec.app stores keys in your device, it's running inside browser service worker which is weken up by a push message if server detects that sw is sleeping and not replying
mleku | 8 months ago (raw) | root | parent | reply | flag 
 alby already handles this and it works, sorta, on coracle

authing is one thing that shouldn't force you to interact every time, you are in, until you are out, almost everything else can be though... alby does distinguish many things, and it definitely separates signing auth challenge events from any other type of event
mleku | 8 months ago (raw) | root | parent | reply | flag 
 also, yeah, this is part of the problem with the whole client ecosystem altogether... 

nobody seems to know what to do and they do nothing at all, not pointing fingers specifically but the lack of implementation of NIP-42 means the gate to paid relays and chatbots are both quite closed

and most of the relays don't process it properly either! pretty sure you have to write a custom plugin for strfry and the rust relay not heard anything about it supporting this feature, even though it seems to be the most popular