Oddbean new post about | logout
quentin | 4 months ago (raw) | export | reply | flag +4 
 Hello nostr:nprofile1qyd8wumn8ghj7mn0wd68ytn5dpjhxctdv43kzapwd9hj7qgewaehxw309aex2mrp0yhx6mmddaehgu3wwp5ku6e0qyghwumn8ghj7mn0wd68ytnhd9hx2tcppemhxue69uhkummn9ekx7mp0qyf8wumn8ghj7mn0wd68yat99e3k7mf0qyd8wumn8ghj7urewfsk66ty9enxjct5dfskvtnrdakj7qguwaehxw309aekzar9d3kxjar99e585unyxy6rjtnrdakj7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uqzqfngzhsvjggdlgeycm96x4emzjlwf8dyyzdfg4hefp89zpkdgz992jelr6 . I am looking at blossom's spec. I have a few questions that I can't make sense of. 

1- Why doesn't blossom use NIP98 as an authorization event? 

2 - Why does it use its own event with kind 24242 that is not in the standard?

3- Why a whole new protocol if it could have been integrated, for example, in NDK + nostr-tools + NIP96?  Does it make sense to go against all the work done these years?

I would like to have a productive conversation, as I am evaluating the possible implementation of blossom for the new version of nostrcheck-server. Starting from NIP96, the modifications to be made in the source code are minimal, apart from the authorization event that does change completely.
hzrd149 | 4 months ago (raw) | root | parent | reply | flag 
 Initially I tried to use NIP-98 auth events for blossom. But it didn't work. NIP-98 requires that the full URL of the endpoint be in the event. Which means that the event would only be useful for uploading to a single server.
For blossom, the user can upload to multiple servers, similar to how nostr clients post events to multiple relays

I can't easily answer your third question. Since I'm typing this on my phone. But to summarize
NIP-96 allows media servers to describe themselves so nostr clients can easily integrate with them
Blossom does allow media uploads. But its goal is to allow blobs to "move" around between multiple servers similar to how nostr events move from on relay to another
quentin | 4 months ago (raw) | root | parent | reply | flag +1 
 I have seen that you are visiting Spain, we could meet and have a beer 🤣🤣

Now as for NIP98. It would be as easy as authenticating on each server separately no? What you describe is something very necessary to manage authorization events, which avoids reusing an authorization event (intercepted) to authenticate on another server

NIP96 now allows to list files as well, and the spec in its essence allows to upload files to several servers at once. There is an event (kind 10096) to publish the list servers.

I don't really have anything against blossom, but I want to understand it well before I make a decision
brugeman | 4 months ago (raw) | root | parent | reply | flag 
 I agree with you on auth part, especially given that signer apps can have special cases for file uploads like "sign uploads auths for this hash for any server for 5 minutes"

And I am in Spain too, beers sound nice
hzrd149 | 4 months ago (raw) | root | parent | reply | flag 
 I would love to meet up. Although I'm cycling the Camino de Santiago right now so I'm not really in one spot for more than a day.
I just left Burgos this morning and I'll probably stop somewhere around Hornillos del Camino at noon

As for the auth event I agree it could work with NIP-98 and the signed could handle multiple events. However I dislike nostr apps asking for more than one signature for a single action.
The way I think about it, it is a single action. Your not signing to upload to a server. Your signing the hash + expiration so it can be uploaded to any server.
Again I'm thinking of it like nostr events. You sign once and publish to multiple relays
Water Blower | 4 months ago (raw) | root | parent | reply | flag +1 
 You are cycling and doing Nostr dev at the same time?
hzrd149 | 4 months ago (raw) | root | parent | reply | flag 
 No development, I left my laptop at home. but I've been doing a lot of thinking 😀
Water Blower | 4 months ago (raw) | root | parent | reply | flag 
 And you are unicycling? Legendary 

I wanted to learn it when I saw the British YouTuber unicycling around the world years back.
brugeman | 4 months ago (raw) | root | parent | reply | flag 
 Ohh that's way too far up to the North :(

Blossom servers should probably support both ways - "upload anywhere" and "upload only here", otherwise I'm forced to assume the server and app might reupload my file anywhere. Maybe nip98 needs a list of servers instead of just one. 

People had to invent "-" tag for events to prevent this permissionless rebroadcasting with relays, I'm sure the same question will rise with files.
hzrd149 | 4 months ago (raw) | root | parent | reply | flag 
 Sorry to hear that, although maybe we will meet at nostriga?

The permissionless rebroadcasting is the point, that's how we get censorship resistance.
Blossom and NIP-96 are designed for public media, neither have the expectation that the media will be kept private.

I wouldn't be opposed to making my blossom-server implementation support NIP-96, however I don't think it would make sense to add it as a requirement to the protocol since supporting two event kinds would double the complexity
mleku | 4 months ago (raw) | root | parent | reply | flag 
 http authed webdav already does that use case anyway
brugeman | 4 months ago (raw) | root | parent | reply | flag 
 Anyone can rebroadcast file permissionlessly by authing with their own keys. But ok, maybe delegating this to a server to save bandwidth is an added benefit. Will see how it develops
brugeman | 4 months ago (raw) | root | parent | reply | flag 
 Haven't decided about nostriga yet
quentin | 4 months ago (raw) | root | parent | reply | flag 
 @hzrd149 I will get back to you shortly, sorry for the delay. I began to understand your approach with blossom. And how the files move through servers