Given how fast pubky is, it shouldnt be a big deal. It's all PKI. The only challenge is when keys change and rotate. But that's a whole other problem. What we gain today is huge already.
Yes, makes sense. A 3rd party with access to both can verify. Or you can simply make 2 signatures, which is a very strong assurance. If you have rotation by design, then yes there will be philsophical differences. But the technical aspects remain sound.
Great work mate. You really put it together in a way that will work. Not taking on too much. Doing one thing well. Managing the complexity budget.
Do you realize it works out of the box, with nostr? Just paste the privkey in your seed app, and it'll make a pubky:
I verified the KDF etc.
Things that #pubky adds to #nostr almost for free
- decentralized DNS
- npubs as domain names
- ability to use git via nostr
- ability to ssh via nostr
- ability to use many tools such as GPG, hypercore, keet
- integration into the browser
- fast, low power, deterministic sigs
- protection from lattice attacks
- integration with Signal, Tor, Wiregaurd, matrix
And plenty more. It's a lovely little bridge, for those that want it.
Impressivly, #pubky is compatible with nostr out of the box. Using a nostr privkey you can generate your pubky address and start using decentralized dns straight away:
https://app.pkarr.org/
One use case that drops out for free with #pubkey
You can can use your npub as a domain, forver, without paying fees. You just have
npub.nostr or pubkey.nostr
And use their resolver to set up, and then look up the domain. Click on it, and you are redirected to the domain.
This should be doable today, and if the NIP gets merged, many more clients can use it. Decentralized DNS plus nostr identity. Just by gluing two different web technologies together.
True that. I was in the working group that made activity pub. We really pushed hard for them to follow standards on identity that would have made all of this SO much easier. Got 80% of the way there, I think. In retrospect, could have been better, but could have been a whole lot worse. A decent AP / Nostr integration could help, but of course, the way things are now, folks are tribal. Discovery can actually be quite good on AP as it theoretically inherits from Linked Data. Not sure on the algorithm front ... isnt it just pluggable?
Things are evolving so fast. A small model that runs on your phone does today what a super computer did 5 years ago. I cant personally judge how hard or how easy this is. Good to see people trying, and competing with more proprietary tech from my POV. I realize that was a non-answer. If I had to guess I would say you could do quite a bit of algorithm with commodity hardware. Analyzing the videos may be tough tho. But this is all coming, it's the future, someone has to be in the space.
Proposed Nostr + Pubky integration. This would allow decentralized DNS and other stuff to transmitted via relays and the pubky protocol. Giving more options for developers and end users.
https://github.com/nostr-protocol/nips/issues/1548
Hot take on the #pubky protocol. Bits I like, bits I dont like, bits that involve trade-offs. Overall better than I expected. A pubky is basically an npub without a prefix and checksum. The enromously complicated npub checksum afaik is never used and its the "wrong" checksum (segwit vs taproot). Something nostr might be able to learn from. This is one reason why I'm glad there are different innovations in the space. Also nostr and pubky can be easily integrated. Would offer a lot new use cases. And I also like John, who has been often a voice of reason in the community. At this point, I wish them luck.
Interesting: "Pubky-core combines a censorship resistant public-key based alternative to DNS with conventional, tried and tested web technologies, to keep users in control of their identities and data, while enabling developers to build software with as much availability as web apps, without the costs of managing a central database."
https://github.com/pubky/pubky-core
You can say what you want about regulation. But in an unregulated market (alt coins) 99.9% committed fraud, one way or another, by lying to investors. We seem not to have solutions to the problem that lying is profitable. That would be a big thing to solve.
The Blockchain, originally called the Timechain, was one of the greatest inventions of the last 2 decades. But it's been misused so much that the term now has a bad name. The web, orginally called enquire, has been one of the greatest inventions of the last 4 decades. But so misused it has been given a bad name. The same VCs did this to both technologies. The technologies themselves are still good. They just need to be used in the interest of the user. We've barely scratched the surface of what either can do.
Looks pretty bad. There's always been links to proprietary alts, zcash, filecoin, now this. We've seen this movie before.
https://www.blockchaincapital.com/
Ultimate system would be: totally open, community-driven, permissionless like building a website—anyone can jump in and improve.
Take the best parts of Nostr’s relays, Bluesky’s UX, and Solid’s user data control, all combined. No single project hits everything yet, but by mixing their strengths, we get closer to an internet that’s truly for everyone. That lets 1,000 flowers bloom.
A relay is a web server that does 1 thing
A regular webserver does 99 things
For a complete web solution, you could add 99 things to a relay. Or you could add 1 thing to a regular server.
Both win because they can do more than the original.
A bit like the XRP code. You know they checked in the private key for the first 100 billion xrp into github? Then it all got traced, and they wiped the first 32,000 blocks from everywhere they could, to clear their tracks. Then overwrote the balances. I may have those blocks somewhere on an old machine. Would be funny to resurface them!
I’m at a loss for words. They gave a third party access to your private keys—a third party! And they can’t even acknowledge that this is wrong. They were explicitly told not to share user data with third parties. But instead of fixing it, they mock, they laugh, they deflect, they look the other way, and even go on the attack. They can’t bring themselves to say that this is bad. No words.
Interesting post from John Carvalho. A lot of seemingly simple topics, that are actually quite complex, covered. IMHO he gets more right than wrong.
What is very interesting is that ed25519 keys which are git keys or ssh key can do everything that nostr can do, and more. They can post stuff to lots of servers, relay stuff, integrate with most major tooling, and so on -- if they choose that.
But nostr can do one thing that pubky cant, and that is native integration with bitcoin time chain, distributed ledger and smart contracts. However this feature is still unused, and might never be used.
So in theory pubky could offer some significant innovation along slde nostr. I hope it goes well for them, as I like John, and it's good for users to have more options, and more innovation in the space.
https://medium.com/@synonym_to/pubky-launch-260f36ba8fe3
It's definitely up there. Things are moving so fast, though. Tip: if you sign up for hailou you get 3 days unlimited for free. If you also buy a plan (costs $9.99) you can queue a ton of requests for 72 hours, acutally I got about 80 hours. Ended up with about 500 gens, which would have cost me $150 otherwise, and learnt a huge amount.
This is a subtle but very far reaching part of the web. The ability to link to link to text fragments. One of the least appreciated parts of the web is that every page can have multiple items in it, and it is possible to link to them. This adds an extra layer of decentralization by linking to something in the page, rather than linking to the title or name of the page.
https://alfy.blog/2024/10/19/linking-directly-to-web-page-content.html
I told them over and over and over. Not to send user data (let alone private keys) to 3rd parties. They laughed. They literally mocked it.
nostr:nevent1qvzqqqqqqypzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqy2hwumn8ghj7erfw36x7tnsw43z7un9d3shjqpqx953gmpz6nwhtm5ys6hadgtre90xx9t8984hdj5nkzud93rq36nsf7jcmq
I've been saying for a long time that coracle was my least favourite client. I knew it was bad, but not this bad.
nostr:nevent1qvzqqqqqqypzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqy2hwumn8ghj7erfw36x7tnsw43z7un9d3shjqpqx953gmpz6nwhtm5ys6hadgtre90xx9t8984hdj5nkzud93rq36nsf7jcmq
Sending user data to 3rd parties IS actually sneaky. You are required by law to inform the user, among other things, and with good reason. Whenever this is brought up some devs are dimissive, and over-confident. More often they will deflect the problem by attacking the reporter. Staab is the worst I've seen for this. That is why I will call it out. Dont send user data to 3rd parties without consent. This is not controversial in the SLIGHTEST.
Remember that all relays are web servers. That means they all have in built ability to store media, which can be turned on or off. Never push media itself to the relay. Relays are for transmitting notes, and other stuf, from one user to another. But all relays, inherit the ability to store media, from the fact that relays are already web servers.
Nostr relays are web servers. The only reason they work is because they are web servers. Most are written from scratch, which means that 99% of the features of the web are not implemented. Reversing that, it means that relays can have 100x more features, that have been developed over the last decades. Once you realize the relays are just web servers, there's no nostr "winning" or "losing", the web has already won. We're just making it better.
Nice thoughts. Darted around a bit. I think the answer is simpler. Just used the web, and make it do what you want it to do. Nostr is simply a web sub-protocol that solves a use case. It shows what the web can do, now use the web to solve 100s of use cases. As they say, people that say something is impossible are often interrupted by someone doing it.
Oddbean new post about login | logout
Notes by melvincarvalho | export