People seem to be excited about my new project, Flotilla. It's still very much a WIP (probably a month out from MVP), but since it's been discovered I figured I'd go ahead and introduce it.
https://image.nostr.build/b9842d89fdc786ad3e86d692c4b52adce47e1bdd9daaf7d39cbf4806ecb75bc2.png
My goal for Coracle has for a long time been to support local in-person communities by replicating Facebook's events, groups, and marketplace. I've come to realize a few things about this project:
- Facebook is not the gold standard. In fact, people hate Facebook.
- There are many kinds of groups, for many different use cases.
- Very small chat groups work for most use cases.
- For almost all other groups, good moderation is key.
- Decentralization for groups works differently from decentralization for microblogging. Microblogging use cases benefit from simultaneous use of multiple relays. Community group use cases (in contrast to reddit-style groups) benefit from a single relay per group.
This is just the barest summary of what I've learned. But it's all in line with my long-held intuition that relays are, and should be, special. To that end, I'm creating a new client built around the dumbest form of communities that can be created: relays as communities.
Lots of code and specs need to be written to make this work, and as with Coracle, it'll be possible to host your own flotilla instance that only talks to a single relay, as well as use flotilla on desktop and mobile as a PWA and APK.
See the dev preview at https://flotilla.coracle.social. If you're interested in contributing, I've created several issues on the repository that should be good for first-time contributors: https://github.com/coracle-social/flotilla/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
nostr:nprofile1qyghwumn8ghj7mn0wd68ytnhd9hx2tcppemhxue69uhkummn9ekx7mp0qythwumn8ghj7anfw3hhytnwdaehgu339e3k7mf0qyt8wumn8ghj7mn0wd68yetvd96x2uewdaexwtcqyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cd990ua nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq35amnwvaz7tms09exzmtfvshxv6tpw34xze3wvdhk6tcprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qythwumn8ghj7enjv4h8xtnwdaehgu339e3k7mf0q9zhwumn8ghj7vm9wpekxemrvdaxv7ncwa5hsatj0fhxxcmnx3uxs6ehw45xz7t9d36nw6njx338qemhdeck2em9xfnrvmtjwdhxjepwdahxjmmw9uqzqla9dawkjc4trc7dgf88trpsq2uxvhmmpkxua607nc5g6a634sv5xzzv5w nostr:nprofile1qyghwumn8ghj7mn0wd68ytnhd9hx2tcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qgnwaehxw309amk7apww468smewdahx2tcpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7qpqarkn0xxxll4llgy9qxkrncn3vc4l69s0dz8ef3zadykcwe7ax3dqx0hggn nostr:nprofile1qyghwumn8ghj7mn0wd68ytnhd9hx2tcppemhxue69uhkummn9ekx7mp0qyt8wumn8ghj7cn9wehjumn0wd68yvfwvdhk6tcpzdmhxue69uhhwmm59e6hg7r09ehkuef0qyf8wumn8ghj7mn0wd68yv339e3k7mf0qqs8eseg5zxak2hal8umuaa7laxgxjyll9uhyxp86c522shn9gj8crssjeysr
had a dream last night with you in it. you were involved with trying to get these weird rescue helicopters to land in a small circle. youre doing great work. 👍
Is it correct that I'm unable to login unless I have an account specifically with nsec.app?
Even if I have my own bunker/nostr-event-signer?
Ignore me, I'm sure extra ways to login will make their way later.
I realise nsec.app is a great start.
Yep, other methods will be supported, but #1 priority is that it all be normie-friendly
It's safe to put a private key in nsec.app?
Yes, with the usual caveats about it being software connected to the internet, etc. But from my understanding it's FOSS and the key is stored in your browser.
OK, thanks for replying. Know you're busy.
I also was confused by the UI, but if you use the square button on the right, you can login with a NIP-07 extension.
Then, if you inject https://github.com/fiatjaf/window.nostr.js via bookmarklet, you can also use your nsecbunbker.
Communities come up from being walled gardens and safe places for the participants in it. ... having been in the digital space since mainframes and gopher clients ... this fits with my understanding as well.
Count in in as a fan & participant in navigating these social waters.
👀
nostr:nevent1qqsdcdkndm83lv8pycqs9ygpf7pvlqykmuuyc4z7c3humr3qhrsztlqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygyhcu9ygdn2v56uz3dnx0uh865xmlwz675emfsccsxxguz6mx8rygpsgqqqqqqs9n5lx6
An idea would be to host am “offline” community relay, with connectivity to meshtastic devices in remote places, such that people can communicate with each other. Would work great in _emergency_ situations too.
I would love to see p2p relays or alternative communication channels, just not sure how they should work
Relay app on cell phone that works via Bluetooth and finds any/all other app connections within 50 meters. Mesh Networks. Stores notes and other stuff until a connection to the Internet is found, then clears cache after posting to a full node server.
Uh, yeah, that sounds friggin awesome
Mesh Networks like that for direct communications were all the rage during the Arab Spring uprisings and played a part in protest marches in the period between 2015 and 2020. Most of the apps slowly died because they required updates and the state started hounding the programmers. Having something like that come up from the grassroots fully supported by Nostr developers would be a major game changer.
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgwwaehxw309ahx7uewd3hkctcpzpmhxue69uhkummnw3ezumt0d5hsz3thwden5te0vf5hgcm0d9h8ydnyv56kc6mk0q68gurhv3kh5unyvej8qmrpx4ehjcfjv9n8wurrv93x5atsxfu8q6f4v36kccnpvshx7mnfdahz7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctcqyp6hjpmdntls5n8aa7n7ypzlyjrv0ewch33ml3452wtjx0smhl93j6nhxg8 is this on citrine's roadmap? Or already done?
I haven't tested anything yet using Bluetooth but I'll try eventually.
Sending the events after getting internet connection too
Love it - what about “multiple relays run by individuals in the group” rather than a single relay? That way you get better uptime, etc. or does trying to have multiple relays just make it harder?
It does make it more complex, mostly because you then need to coordinate which relays constitute a group, and/or deal with missing context when relays don't actively replicate content between them, and when members only join one or the other. My plan is the go between the horns of the dilemma and support multiple relays, but in serial rather than in parallel through migration events.
Neat, thanks. I have another follow up question based on when I tried to use off the shelf clients (damus, iris, snort) with a single private relay and kept seeing events leak into public relays… are you worrying about the problem of using existing clients and preventing them from re broadcasting notes to relays which might be hardcoded (or cached maybe) in the client code?
Back when I tried using a single private relay between multiple off the shelf clients, my process was:
1. Download a client
2. Remove all initial relays in settings
3. Add my private relay
4. Use the app
And I couldn’t get events to stay off the public relays.
Granted this was a while ago, and if a client can render an event, then it necessarily has everything it needs to send it elsewhere and a code audit might be the only actual solution.
Anyway curious if you’ve thought on this and are focusing or testing this problem at all?
Yeah, I've thought a lot about it. In theory, there's nothing you can really do to keep private data private once it's published — someone can always take a screenshot of your note. There are a variety of techniques that can help in practice though:
- Use AUTH to implement read access
- Use NIP 70 to ask other relays not to store your events
- Strip signatures (this is the nuclear option, it basically breaks nostr, but could be used in specific situations)
- Encrypt your content
- Use clients that are smart about replicating stuff
- Include relay urls in events and have both relays and clients validate that the event came from the designated relay (this isn't done anywhere, but I may use it for flotilla).
strip signatures is an interesting one
the farcaster protocol has a signature system whereby the signature is delegated via the hub you post to, you can't verify it unless you can get the hub's pubkey directory and find the key
i dunno if it really changes anything except making the event questionable...
ah yes, and repudiation has a benefit here, if the key were revoked before the date of the event it could be surmised that a compromise has occurred
Interesting 🤔.
Who's revoking what key in that last part? The user, his key?
oh i thought of another one... certificate chains, like DNS certificates
your client can demand such attestation about the software and if it doesn't provide one then it can refuse to send the event to it
certification organisations are a very important part of decentralised governance
governments are shit at it because it's not voluntary
hm that one is a hard one though... since the only way to verify source code is to hash the binary, and what is the process for how to sign the binary as it's running exactly
that's a good question... it's on my mind because i've been inspecting the CosmWasm architecture this last week and one of the things they have in there is a verification that ensures that a source code and a binary version are linked, this thing is a big issue in smart contract engineering - how to ensure that things are deterministic, and it kinda matters with source code too
there's a lot more to but how exactly can you be sure a server is running the software version it says it is, and not some altered version? you can't! at least not trivially
Delete content possible by user inside flotilla ? any plans for content delete feature?
Delete already exists, it would just be up to the relays to support it
ah thanks means relay .env either allow all or explicitly need to enable "event kind 5" NIP-09
github .com/nostr-protocol/nips/
i am trying easiest relay and been fooling around with few so far
kind_whitelist:
enabled: true
kinds: [10209,209,0,1,3,4,5,7,9,10,11,13,14,28934,10001,10003,9735]
still got 😭 or another one try - open all then put filter slowly
https://image.nostr.build/0ab2b367002083cac59170d80f144c403a89fa9ad5fe23c91b8a115e2e589d45.png
does flotilla support NIP-42 auth same like coracle? if enable at relay then only WL can enter
Yep, AUTH is a key part of the plan
wondering how to delete
i could find delete button in each list of chat- - like we see in telegram example
backend test relay all kinds enabled -- kinds = [[0, 40000]]
Delete isn't implemented in flotilla yet, it's on the roadmap
i love this project. nip 42 auth relays will be suppprted ?
@hodlbod is the Prince of Auth
no other client handles it more correctly, nostrudel also works pretty good now too
ya nostrudel pretty sharp, impressed by it. too bad no i0s apps seem to handle it well ( amethyst does on the android side )
when i tried to use coracle.social with just one relay, it still sent to damus and nos.lol relays. is that fixed? or is the single relay only an option for custom distributions? love your work🤙
What is nsecapp? Seems to be another extension. Won't let me login with Alby. 🤔
this website https://nsec.app/ oauth login, if you press the second button, the one with the arrow, it should log you in or at least with nos2x it does
Hmm can't work it out, and lost interest tbh lol
Probably doesn't work anyway. I'll see if I can login next year lol
I managed to log in, but if you don't have a community to go to, what's the point?
Ah, are there no publicly searchable communities?
Just wanted a look around mostly, but it seemed to annoying to log into
you need an invite code or search in relays, but it's still WIP version
I'll probably just wait maybe :)
Click the button next to the input to log in with extension
Oh I see lol, I just thought that was an 'enter' button. Thanks
Yeah, working on a redesign for the login page already haha
Oddbean new post about login | logout 
