Oddbean new post about | logout
mleku | 8 months ago (raw) | root | parent | reply | flag 
 it should disconnect and not try it again

i watch my relay constantly being connected to and if i make my relay disconnect when auth is required they just keep trying and keep being disconnected and it's bullshit, so i just let the connections stay up, ping them, and drop all their messages
PABLOF7z | 8 months ago (raw) | root | parent | reply | flag 
 no, if you want to require auth you should close the connection and respond with `auth-required` to make it explicit that you won't let them pass until they AUTH

there's an in-between state (in which I am and why I ask) in which I want to allow people to AUTH but not require it.

We already have these as separate verbs so the protocol allows for this expressivity, but I doubt clients will not interpret AUTH as an possibility to auth rather than a requirement
mleku | 8 months ago (raw) | root | parent | reply | flag +1 
 there is a fairly high cost in handshaking that's the reason why i stand by what i say - just accept the connect, drop the messages, think like a firewall, what do you do to defeat a spammer? first port of call is ignoring them
PABLOF7z | 8 months ago (raw) | root | parent | reply | flag 
 no, I understand that if your relay keeps getting bombarded with clients that are not getting the hint that they won't pass without AUTHing ignoring them makes a lot of sense
mleku | 8 months ago (raw) | root | parent | reply | flag 
 it's what the relay should do if the clients don't respond with auth, to conserve resources
PABLOF7z | 8 months ago (raw) | root | parent | reply | flag 
 yeah, or you can just rate limit at the http level or firewall level which might serve more resources
mleku | 8 months ago (raw) | root | parent | reply | flag 
 btw, i see your client is sending your events to my relay... haha
PABLOF7z | 8 months ago (raw) | root | parent | reply | flag 
 you have it on your nip-65 right?
mleku | 8 months ago (raw) | root | parent | reply | flag 
 lol these stupid codes

i suppose if #coracle  sends them out then it sends them out

ffs how exactly did this improve over relay lists?

also, when can we migrate from the retardation of bureaucratic number lists to human readable codes? you know, bureaucracks are fucknig inhuman right?
mleku | 8 months ago (raw) | root | parent | reply | flag 
 also, what makes you think that a client sending an auth envelope with a challenge is not a requirement????
PABLOF7z | 8 months ago (raw) | root | parent | reply | flag 
 you mean a relay right?

in my relay it's not a requirement, but because there's no way for the client to initiate the AUTH my relay needs to send an AUTH out of the gate but if the client doesn't want to AUTH it's fine, they can keep using the relay, just with a "limited" view

whereas if a relay tells you "auth-required" that's a more explicit signal that you need to AUTH to talk to it (or at least to execute that filter)
mleku | 8 months ago (raw) | root | parent | reply | flag 
 yeah that is retarded

nip-11 already says auth-required

i send auth

i want auth

no auth

silence

ping pong ping pong ping pong

and no REQ

that's what works in the real world, i've kept my client open most of the time in order to gather intelligence about how retarded the clients are and that's my conclusion

unless you can forward a GTFO request upstream to your reverse proxy then just entertain them with silence