Oddbean
 free service SHOULD NOT BE ABUSED of SPACE + BANDWIDTH even IF even content are legit. just mass delete n block npub 
 that doesn't help, uploader can make new npubs at a rate of tens of thousands per second 
 that's why RATE LIMIT in free/paid is important, which quentin is NOT using - allow any npub max 10MB, does not matter what content - there are auto content filters. NIP-42 does not prevent RICH paying abuser also. any illegal delete, PAID or FREE does not matter 
 1. npubs literally take less than a millisecond to generate
2. tor allows an attacker to keep changing their IP every minute or two, defeating IP based block/rate limiting
3. wasting resources recognising images with an AI engine is costing money
4. it is an assumption without any basis that this attacker wants to pay to make this happen, and if they do, then there are per-subscription limits, and the option that abuse can cancel the subscription

bitcoin survives because it pays people to protect it, subscription services survive by charging people to use them 
 RATE LIMIT is already used by many - they are SAFE from exit IP or npub changes that simple to mitigate n slow them down to non-abuse levels (this is nothing to do with content). any attackers can break any filter over time once they learn it.
 
 less than a millisecond for a new npub, less than a second to auth with it, resume spam

paid subscriptions can still be attacked trying to break the security but they can't upload data the server is dropping automatically and ceasing to respond to it

there are many countermeasures, please, you, and quentin, study some network security theory

google and yahoo and protonmail and cloudflare deal with this bullshit every day, and you don't know it until someone finds a crack and jams a wedge in it 
 u r less 1ms theory is taken already care by using CF frontend which many using - so that's not a problem 
 it's not a theory, i wrote a key miner and it does over 100k new pubkeys every 5 seconds

CF is only stopping the more obvious bulk traffic attacks, not protocol level ones 
 POW enables gateway stop ur script unless your hardware is strong enough 
 NIP-42 and POW both that prevent that but allowing non-auth npub is also important for growth of nostr. 
no normies even know how to use nostr and asking everyone to use NIP-42 client is make no normies use nostr.
so RATE LIMIT is still the key 
 normies won't have anything to come to if the network is broken 
 PoW, or fees, either way

we have lightning network integrations everywhere

PoW will only last as long as it remains more expensive or complicated, after that, only subscription fees will stop them

bitcoin survives entirely because it costs more to attack it than the benefits it provides 
 fully subscription only based will kill NOSTR from newcomers even before it is born by that approach
there are several FREE image uploading n txt gossip services to attract normies besides nostr. 
 FREE relays FREE CDN are must for new comers even wine relay has FREE new npub service. 
 nope
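
The two controls argued over in this thread, a per-npub rate limit and event proof of work, sketched as an added example that is not code from any participant or relay project. It assumes NIP-01 event ids and NIP-13 leading-zero-bit difficulty; `Gate`, `mine`, the pubkeys and the limits are hypothetical, and signature checking is omitted.

```python
import hashlib, json
from collections import defaultdict, deque

def event_id(ev):
    """NIP-01 event id: sha256 over the compact JSON array below."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def leading_zero_bits(hex_id):
    """NIP-13 difficulty: number of leading zero bits in the 256-bit id."""
    return 256 - int(hex_id, 16).bit_length()

def mine(pubkey, content, created_at, bits):
    """Client side: bump the nonce tag until the id meets the target."""
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": 1,
          "tags": [["nonce", "0", str(bits)]], "content": content}
    nonce = 0
    while True:
        ev["tags"][0][1] = str(nonce)
        ev["id"] = event_id(ev)
        if leading_zero_bits(ev["id"]) >= bits:
            return ev
        nonce += 1

class Gate:
    """Hypothetical relay admission check: PoW first, then per-key rate limit."""
    def __init__(self, min_bits, max_events, window_s):
        self.min_bits, self.max_events, self.window_s = min_bits, max_events, window_s
        self.seen = defaultdict(deque)  # pubkey -> times of accepted events

    def admit(self, ev, now):
        if ev.get("id") != event_id(ev):
            return "bad id"            # id does not commit to the content
        if leading_zero_bits(ev["id"]) < self.min_bits:
            return "pow too low"       # rejected before any per-key state exists
        q = self.seen[ev["pubkey"]]
        while q and now - q[0] >= self.window_s:
            q.popleft()                # drop timestamps outside the window
        if len(q) >= self.max_events:
            return "rate limited"
        q.append(now)
        return "ok"
```

The per-key window only throttles a key that is reused; the work requirement is what every event pays regardless of which key sent it, and each extra bit of `min_bits` doubles the expected hashing per event.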