Hacker News | scsibug's comments

It is extremely disingenuous to suggest a public PoC was not available. It was part of the patch as a test case, and GPT/Cursor merely consumed it and rewrote it to Python. There is even a screenshot that points it out as a "smoking gun".

The patch for the vulnerable code itself contained an extremely clear description of what is going on. Even without the test case, there was zero effort made to hide anything, so the vuln, commented explanation, and PoC were all handed in-context on a silver platter.


Practically all relays will store your data if they are going to act as a relay for you at all. Very few things on Nostr work with ephemeral events alone.


It is a tool for communication. We can build a twitter clone on it, a chess match server, IoT messaging, etc. Nostr-the-protocol is a proper tool. Agreed that the social aspects built on top of it should be built with human wellbeing in mind - not ad revenue.

Hopefully having the nostr protocol in place lets people iterate faster to build good social technology, and accelerates moving past the ad/engagement focused platforms we live with today.


Nice (blog author here); just heard this showed up on the frontpage from someone on Nostr.

If I was writing an update to this, I'd probably point out how much better the clients (especially mobile) have gotten, in such a short span of time. As well as how lightning integration (zaps) is letting us build new capabilities (instead of just cloning twitter) that don't exist anywhere else.


Glad it's getting traction, it was a fun read and introduced me to something new (tm). One issue I had about 'Zaps' was the 'pay-to-play' aspect, which seemed in discord/disharmony with the OG vision of Solving the Right Problems:

There is no blockchain. No proprietary social sign-in. No “real-name policy”. No distributed hash table, onion routing, raft consensus, or peer-to-peer protocol. There is just a method of providing simple digitally signed text, and a simple, scalable search service.

I mean I get it aaannnndd 54 lines of Spec etc and there is a need for something like you offer/describe and I'm glad to have stumbled across the link that led to this blog that leads to the GH <phew!>


Lightning already exists; so it is nice that a simple protocol can integrate with it. I view them as complementary - it is good that Nostr does not need crypto, but it is still cool that they can harmonize without changing the core protocol.

It does solve a fundamental incentive problem of "who runs big relays".


Another good tip; when randomly generating passwords (especially for other users), filter out anything starting with a tilde to prevent strange behavior.


Your new password is: +++ATH0


This doesn't work.

The Hayes modem protocol specifies that a significant pause must be inserted after "+++" for it to have signaling effect.

https://en.wikipedia.org/wiki/Hayes_AT_command_set#Hayes'_so...


... that link describes why it does sometimes work


Lots of exciting work going on with this right now. I really like that I can open up websocat, and interact with a relay directly to learn how the protocol works.

