In 2019 I forked Mastodon. In 2020 I built communities online. In 2021 I helped Donald Trump create Truth Social. In 2023 I built a bridge between Mastodon and Nostr. In 2024 I am building new Nostr infrastructure to spread freedom on the internet and beyond.
Public Key
npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Profile Code
nprofile1qqsqgc0uhmxycvm5gwvn944c7yfxnnxm0nyh8tt62zhrvtd3xkj8fhgprdmhxue69uhkwmr9v9ek7mnpw3hhytnyv4mz7un9d3shjqg5waehxw309aex2mrp0yhxgctdw4eju6t0j25ga5
Author Public Key
npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Show more details
Published at
2024-09-18T18:08:34Z Event JSON
{
"id": "200fbdcfdab784a3a0e65befaf4beabaef7bfdf23e1d779b50c9ea3ed404216f" ,
"pubkey": "0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd" ,
"created_at": 1726682914 ,
"kind": 0 ,
"tags": [],
"content": "{\"about\":\"In 2019 I forked Mastodon. In 2020 I built communities online. In 2021 I helped Donald Trump create Truth Social. In 2023 I built a bridge between Mastodon and Nostr. In 2024 I am building new Nostr infrastructure to spread freedom on the internet and beyond.\",\"banner\":\"https://image.nostr.build/a4c135a3f13f0c91d152f1512da84f250bdf8d45dc36262243de5236a2a3cb28.jpg\",\"bot\":false,\"lud16\":\"[email protected] \",\"name\":\"Alex Gleason 🐍🚬\",\"nip05\":\"[email protected] \",\"picture\":\"https://image.nostr.build/3320e9c4901646a3dd8b648d5414d8a01068e1498eb935a6b415f3a9465cdd3b.jpg\",\"website\":\"https://alexgleason.me/\"}" ,
"sig": "3be7f6daf3e9710d178750d15c581f6f7dffedd2499dc50cfc85b801d8e136af7ada10c2adafadc83c5529932becfdf72c7bd5d23678cc1e3f395b2f9cc62beb"
}
Last Notes npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Alternatively require high PoW on just kind 0 events. Really high, like it takes at least 1 minute to mine. npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 *dealing npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 It narrows the point of attack, so you're only healing with one thing instead of 10 things. Then you rate-limit kind 0 creation by IP to a certain number per day. This is a relay. npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 However there is a part of me that questions this whole design. I want to build a new relay client called StaticRelay (and I will rename NRelay1 to ZombieRelay), where in StaticRelay I will completely ignore this text in NIP-01 and it will be the best performing relay client out there: > Clients SHOULD open a single websocket connection to each relay and use it for all their subscriptions. npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 I am working on an update to #Nostrify where the relay connection will close automatically after a period of inactivity. https://gitlab.com/soapbox-pub/nostrify/-/merge_requests/97 npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 The problem with ReplyGuy is that he's aware of my policies and actively circumventing them. So I figured out his IP and blocked it, but... Ditto also ingests posts from other relays, and those relays are getting hit by his spam and not blocking it, so it's filtering down to us from there. npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 What I ended up doing is just blocked this IP, and look how that little yellow squiggle on the bottom fell out of the sky and died: 18.215.247.200 https://image.nostr.build/61d1341cdbe983a995d36720b77688b51c67183591386c74225058e4acc2a797.png npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 I have also been thinking we need a social credit system, but "pagerank-like graph analysis" is a nicer way to put it. 😂 npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Yes but what is the solution for relays... it is making the assumption that any relay is currently set up to prevent this spam. It is the same problem whether it's on a client or relay, and shifting responsibility to the relay gains you IP rate limiting at best, but this guy is throttling his own script to not get rate limited. Whatever the solution is is the same for clients and relays alike. npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Last one, here is a basically complete graph of common event kinds by disk space. Maybe I should nuke the entire "other" section of this graph to free up space. https://image.nostr.build/ca189e536431391acb9f203fa0b1c544190f851d3d70de3c1d1f408f7b71faf5.png npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 To my amazement, kind 3 is actually very small. I guess because it's a replaceable event, so each person only has one of them. Still you would think the massive pubkey lists would be huge, but I guess most people aren't actually following a million users. https://image.nostr.build/c7768b176e78b8b209381ba600648eda858446601fb96fb3b54173e375c1ffbf.png npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Alright here you go. Kind 4 is on the graph but it's so small you can't see it. Kind 6 is signficant. Also I calculated it without rounding this time, so it's more accurate. https://image.nostr.build/0bb55afb6b8009ac14000d5b26f81e5d40c058f98891e02dd049d874189b9dbf.png npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 I can only input a kind number and then 5 minutes later tell you the percentage. So guess a kind and I'll tell you in 5 minutes. npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Kind 1 events on my relay (of 12GB) account for 5.2GB of data, nearly half of all events. https://image.nostr.build/3bf11d136ef392804c1c273789a87b54f47f3d52266a66d816b43a420f39b372.jpg npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Outbox model is a 🐔 and 🥚 problem. How do you know where to get the user's relay list if you don't have it? npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 This is a problem with Nostr itself, with the design of kind 3 follow lists. It needs to be fixed in the NIPs, but nobody will do it because it would break all existing follows. Ditto has the same "problem" as Primal, where you can't follow unless we already have a follow list for you. Because it's worse to delete a person's entire follow list by mistake than it is to prevent them from being able to follow. I'm working on a design for a "sync profile" modal to fix this, where it gives you the option to try finding your follow list, or to create a fresh one (destructive). npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 This man gets me. https://image.nostr.build/652d0780d279512fa5124dcfb1d38b074ab1f2677c054c6364109e31f1e61f16.jpg npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 What about chasing butterflies in your own garden... npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 Monesday, Tuesnesday, Wednesday, Thursnesday, Frinesday. Happy Thursnesday! npub1q3sle0kvfsehgsuexttt3ugjd8xdklxfwwkh559wxckmzddywnws6cd26p Alex Gleason 🐍🚬 My new antispam thesis is this: 1. Reject events unless we already have a kind 0 (profile event) for the pubkey. 2. Restrict making a kind 0. By requiring profile events, you force the attacker to create a profile. By restricting the creation of profiles, you slow them down. Real users should still be able to get in because they won't hit the same limits. We just recreated web 2.0 security on Nostr. "You need a profile to post?" -Nostr Zoomer