Oddbean new post about | logout
mleku | 7 months ago (raw) | root | parent | reply | flag 
 i vote no because tight coupling creates hard to extend architectures
hodlbod | 7 months ago (raw) | root | parent | reply | flag 
 I'm not talking about technical coupling, but about coupling within the domain. The same people are running the relay as the client
mleku | 7 months ago (raw) | root | parent | reply | flag 
 it's an interesting idea but exceedingly simple to implement, literally just add new thread to the startup code that launches a web server

it has some nice privacy preserving effects so there's that too, but it is a shared resource, so it has other kinds of security issues to concern yourself with (users on the same server finding ways to get at other users data)
fiatjaf | 7 months ago (raw) | root | parent | reply | flag 
 How does that work? Is it a proprietary thing?
hodlbod | 7 months ago (raw) | root | parent | reply | flag 
 It's this thing: https://github.com/nostr-protocol/nips/pull/1079

The instances are white-labeled coracle/triflector deployments that are hardcoded to talk to each other. I'm going to make a video about this soon.
mleku | 7 months ago (raw) | root | parent | reply | flag 
 the client surely has to derive a private key from the invite though if i understand the proposal, and this private key needs to be stored by the user for security against loss

i think a signed code would be more secure, so it would be verifiably linked to a privileged user on the relay (like giving the relay an identity, this is something i'm working on right now), what's to stop a permutation attack if the string is short enough?