Oddbean

If you want to help #nostr and you have a server that you can use. Consider running a next generation relay like #ditto. It is not only great for communities, but best-in-class user interface, also with100+ nostr apps, and 100+ mastodon apps. Highly scalable and with powerful protective spam filters. We could do with a few more servers. If you already run a relay, consider trying ditto, too. Ditto has the potential to take nostr to the next level of growth. https://docs.soapbox.pub/ditto/install

Thanks i will give that a shot. Was running nostr-rs-relay for a while from my server but i found some content i didn't want on it and basically the only way to do that was by manually going through the sql database. I'd like to set it up so the people i follow can use it and whatever other npubs i add.

I like ditto but there’s some things that need to change with it. It’s lacking documentation needed for third party folks to run a ditto server. It’s a work in progress, but something which is needed. I think ditto servers need better user management. At the moment the only way to be “ON” a ditto server is to use that server for your nip-05. This feels like it’s overloading. I do like that it’s providing UI for relays, communities, and moderation reports. The other issue is that ditto right now is doesn’t help users creating nostr accounts, so users need to create an nsec/npub somewhere else, then come back to Ditto and register their nip-05 in order to join. It’s way too complicated for non-nostr users. I get why @Alex Gleason 🐍 doesn’t want to run an nsec bunker, but I think it needs a user authentication and authorization server which makes it easy for users who expect an email/password login easy with Nostr. Kind of like how crypto needed custodial exchanges in order to scale.

What missing documentation do you think should be added to https://docs.soapbox.pub/ditto/ ? As for custodial login, apart from the UX/freedom concerns I have with it, it's a huge liability on the server owner to store potentially thousands of keys... one breach to the server would permanently compromise potentially thousands of accounts. This would paint a huge target on Ditto servers. Right now Ditto is the most secure piece of complex software I've ever build because there's nothing to hack. I get that there are issues with the keypair flow. Believe me, it's a big problem in my mind. Adoption is hindered by it. But this is Nostr. Keys are the entire point. We have to convince users that they want to manage their own key.

The issue I faced yesterday was the readme didn’t outline how to evoke deno tasks and what’s involved with doing tasks for updating and managing a ditto instance. Looking at the docs they’ve improved but the readme is still terrible.

Yeah, because that’s the docs that get installed when you install the app… Personally I feel like the readme should give me an outline for what to do when I’m on the commandline on on the server. Also the docs assume a lot of knowledge. Like, how does the user management work in Ditto? How do I add users… how do I do things like moderate content. I THINK I add users by overwriting their nip-05 so it uses the ditto domain… is that the only way? What happens if I choose the dittio nip-05 and then switch to something else?

Wanted to reply this to the Solid thread, but that one seems to have disappeared. I just wanted to note that I'm currently adding nostr single sign-on to Solid. Rabble you may be interested to know that Solid already had OIDC sign in, which is quite complex, but I'm working through right now. I do have a vision of Nostr, Ditto, Solid, and maybe ActivityPub all working together. It might be possible to have all sorts of different auth systems, I've not fully thought it through. Alex has been down that rabbit hole further. I'll definitely know much more by the end of the year. I feel there's some sort of web convergence possible with these existing technologies, where nostr is one jigsaw piece...