Oddbean new post about | logout
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +3 
 it's https.....
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +2 
 there is no nameserver.....
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag 
 it opens a port the same way as ngrok....
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 sigh...
ā–² ā–¼
VĪ”z | 3 months ago (raw) | root | parent | reply | flag +1 
 and we dont have password here!
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 and we're not paid by the pear people!
ā–² ā–¼
TheGuySwann | 3 months ago (raw) | root | parent | reply | flag 
 šŸ˜‚
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 šŸ˜‚
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +2 
 I am aware, that is why I am against both port forwarding and dynamic dns
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 it's a web server.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +1 
 The URLs , whoever control the relay domain / url , they control the web service.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 you don't understand how this works
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 There is a proxy in between, from your example: socks5h://relay.8333.space:8882

That transfers all the control to this proxy alone, they get to choose what and how they want to display šŸ‘€

If it is someone with malicious intent, they will do whatever they want.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 it's end to end encrypted, so no.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +2 
 curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure

This command makes a request to relay.8333.space:8882 with a profile key; it is up to the server to decide if they actually want to serve the real content; they can just swap it out for something they run themselves (pretty much how pi-hole works by swapping DNS of ad agencies to trash), and the certs are self-signed.

You would never know if what you see is actually coming from your own host or has been altered.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 this is a demo. you can just as well download the cert and tell curl to use that to verify.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +3 
 you'll be convinced once I demo an ssh session on nws
ā–² ā–¼
Xis10tial1 | 3 months ago (raw) | root | parent | reply | flag +2 
 how I do ssh:

https://github.com/bitfinexcom/hypertele
ā–² ā–¼
Nate | 3 months ago (raw) | root | parent | reply | flag +1 
 Holesail uses Hypertele but combines it into an importable npm package.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +2 
 Actually no, it is inspired from hypertele but is a separate package with a lot more features.

To expose SSH just do: sudo holesail --live 22
ā–² ā–¼
Xis10tial1 | 3 months ago (raw) | root | parent | reply | flag +2 
 ha, posted at the same time lol
ā–² ā–¼
Xis10tial1 | 3 months ago (raw) | root | parent | reply | flag 
 you mean they create their own version of hypertele using DHTs, rather than hypertele directly?
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 Looking forward to it mate, no hard feelings I am just worried about the security issues with this system.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 Even if it is a demo, it uses a relay which is a proxy. Proxies can change content, or the host itself
ā–² ā–¼
TheGuySwann | 3 months ago (raw) | root | parent | reply | flag +2 
 If you hosted through this method, it would be publicly visible, (like any web service) just only through the Nostr network, what service/application you are hosting, correct?

(Also how do you do https without downloading and trusting a certificate? šŸ¤”)
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag 
 yes, only one service. it would be insane to expose the entire host.

you can just get the cert out of band, that's not the hard part. it could be published by the service as a nostr message for example.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +1 
 Only when the relay decides it, it can inject whatever it wants
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +1 
 Check out Cloudflare Zaraz; it injects the website with whatever content you like because they have the domain with them. (The NS)

Similarly, Ad and tracking agencies dynamically insert ads into the website without ever touching their main code.

It is https, but the certificate is not yours, and neither the origin server, they can insert whatever they like.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 of course the certificate is mine, I generated it