hostr needs protocol
i propose these:
web+hostr:/npub/d_tag
hostr:/npub/d_tag
web+hostr:/event_id
hostr:/event_id
shadow
npub19ukt...h9k5
hostr_loader firefox addon can load urls like this
ext+hostr:80cd9c0d373c354ebdce97bd1da743e1c987cfd2e8423a27c7f665b039c32603
this development addon is available here:
https://www.mediafire.com/file/17hatrb7eq1mgmd/hostr_loader.xpi/file
https://x0.at/5n19.xpi
to install, go to
about:debugging#/runtime/this-firefox
and click "load temporary addon"
it will stay until you restart firefox
successfully loading media.html web app from nostr using extension
idk what is in the picture
firefox extension running full web page loaded from nostr event
just hacking firefox extensions to allow inline scripts
inline scripts are generally not allowed
but its allowed to run script with browser.tabs.executeScript
its just dump, you have to import external library because browser native library works only on SECURE HTTPS sites
crypto.subtle....
IMPORT CRYPTO JS INSTEAD:
https://unpkg.com/crypto-js@4.1.1/crypto-js.js
do relays have the files? lets keep track
https://h.hostr.cc/p/103a0ad46013efa62540526ff67da42b4ef0f31c75d8fd913108b956566c7126/d/index.html
javascript security practices are so retarded
just remember to always use .innerHTML += instead of .append() to prevent some cors errors
web browsers should have built in tor
not for matters of privacy, but for accessing wider variety of websites
when you want to protect your identity through tor, of course tor browser is best option
confirmed: it is possible to create hybrid-onion websites
eg. your #nostr #web #client can load #images from .onion if user #browser resolves these (eg. tor browser) #onion #tor
added support for loading content from .onion addresses
you need to use tor browser or configure onion routing otherwise
this should load at least one image:
https://npub1zqaq44rqz0h6vf2q2fhlvldy9d80pucuwhv0myf3pzu4v4nvwynquf0rna.hostr.cc/d/media.html#oniontest1;v
or (may or may not be up)
http://shadowxcu2g6r6dfhnjsvojo5rqnlv42q25ko6zih5w3kwl2mfss3bad.onion/media.html#oniontest1;v
//
sending note with #primal
#snort doesnt work
#coracle is broken
#iris is broken
so its snort again
messing up with my notes
added support for loading content from .onion addresses
you need to use tor browser or configure onion routing otherwise
this should load at least one image:
https://npub1zqaq44rqz0h6vf2q2fhlvldy9d80pucuwhv0myf3pzu4v4nvwynquf0rna.hostr.cc/d/media.html#oniontest1;v
or (may or may not be up)
http://shadowxcu2g6r6dfhnjsvojo5rqnlv42q25ko6zih5w3kwl2mfss3bad.onion/media.html#oniontest1;v
added support for loading content from .onion addresses
you need to use tor browser or configure onion routing otherwise
this should load at least one image:
https://npub1zqaq44rqz0h6vf2q2fhlvldy9d80pucuwhv0myf3pzu4v4nvwynquf0rna.hostr.cc/d/media.html#oniontest1;v
or (may or may not be up)
http://shadowxcu2g6r6dfhnjsvojo5rqnlv42q25ko6zih5w3kwl2mfss3bad.onion/media.html#oniontest1;v
rabbit hole of system security goes far indeed
optimal solution is ofc where you get near native performance from everything, everything is easy to use, yet achieve perfect user account isolation where you can process sensitive stuff under one account and run insecure stuff under another
however, in the end we come to firmware and hw, where there is no control even in linux
setfacl is nice, because you dont need to mess your system files with chmod / chown. if you mess up, just remove setfacl rules and everything is back to normal
chmod / chown can break the whole system if used wrong
to run webserver, you dont really need /usr/bin executables
my webserver only need /usr/bin/env, all else can be blacklisted
linux user account isolation. remove /usr/bin permissions for specified user only
set default as no permissions for new files:
```bash
sudo setfacl -d -m u:untrusted:--- /usr/bin
```
remove all permissions from all files:
```bash
find /usr/bin/ -type f | while read f; do sudo setfacl -m u:untrusted:--- $f; done
```
whitelist what you need:
```bash
sudo setfacl -x u:untrusted /usr/bin/ls
```
wtf is snort messing up with my notes?