Replies (77)
I'm curious to see the code
Thanks for making Nostr stronger...
Who is “Reply Guy” then, if not the duck?
Are you the AWS server or the Colorado one?
I have no idea, but might be somebody who wants to highlight which relays are not filtering spam well (hence why it says which relay it came from)
Both, I was using a VPN in Colorado at one point. Sorry if things got a little out of hand, and much respect for handling it really well
Speaking as an ordinary user I never experienced any spam, thanks.
You know what would have made this whole exchange better? If you were talking to me the entire time you fucking retarded coward.
theduck
Hey nostr, I was the "emoji" spammer and while it probably went overboard my hope was to help incentivize people to help solve the spam problem. That's why it was targetting devs. Hopefully it was not too disruptive to ordinary users.
Anyways, I think the point was made and some good discussions have started so I've gone ahead and shut it down. If anyone is curious I can share the code.
BTW I'm not the "ReplyGuy."
@rabble @jb55 @Alex Gleason @utxo the webmaster 🧑💻
You’re not challenged nearly as often as you should be. It’s made you harsh to viewpoints that aren’t your own or in those of your circle. Missed opportunities to take it in and grow from it.
Hey now…
@Alex Gleason that’s a pretty intense take. We’re building a system which is going to face much more direct and underhanded attacks. Having friendly red teaming of Nostr right now, is good. Sure, it was frustrating, and it could have been better if it was in the open, but future adversaries aren’t going to do that.
Interesting.
Seems reasonable
💯
Bro calm down. He did it for the betterment of the protocol. Imagine when state actors try to compromise nostr and make it unusable…
So you are a BOT thank you for the inspiration
Absolutely. Best thought of as helping nostr to improve. This is nothing compared to what will come if nostr continues to gain more traction
I appreciate that you've come out. And I also appreciate that you were considerate. enough to only target devs.
However no dev ( myself included ) likes having their app exploited. Especially when they know it's broken. So you saying that the spam was worth it to start a discussion feels like gas lighting. because many of us already knew that spam was going to be an issue
All that side I will swallow my pride and admit that it did quicken the discussion of how nostr clients can deal with spam. And did force me to reconsider some things in my client
💯
So pleased
@rabble for this sensible take. I can see why some may not see the positive side of this esp if it is their work or their "baby" is at stake. But greatness requires moving past your pride and ego. 🫂 Whilst it is frustrating, sometimes tough love is required to accelerate the discussion esp if it is common knowledge within the tech community that it is a problem. I'd say, I'd prefer to have a friendly red team than a malicious one. Yes, it is frustrating to the non-tech but we are also early adopters so we have high tolerance for this eventuality. In the end, we are hoping to see a solution that will not compromise the foundation of nostr - censorship resistant. ❤️👌
forcing (not offering) your opinion on to everyone else and make them do your work for you immediately when you want it done is so not nostr.
I most definitely want to see this code.
View quoted note →🤨
Oh.
Takes balls to admit 🫂
Nostr needs red teamers to flourish. One type of spam makes devs lazy with filtering ✌️ WoT based filtering is the robust answer
Really not doing yourself any favours here Alex. Think of this as someone disclosing a critical security vuln in 99% of the apps in an app store. Some apps won't patch until forced to do so. Pure white hat reporting just wouldn't work. And like others have said, this spam could be much worse if truly malicious.
Is this a throwaway identity or should I follow?
Yonle did a bunch of shit to draw attention to Nostr's weak points, yet all he got was relentless shit from the majority of developers and users while having his technology unfairly targeted to the point of saying "fuck Nostr" and leaving it entirely.
Fuck off, Alex has a right to be mad as hell right now.
@ODELL @Marty Bent would love if this was on the rhr list this week!
Red teaming is one thing, but what these people did goes beyond that. They're not adversaries testing the system—they're criminals, effectively stealing time and resources from devs who are already struggling to keep things running. It’s not just frustrating; it’s actively harmful to people trying to build something good, especially when the attacks are done in secret
omg replyguy is terrible...
Only no publicity is bad publicity 😃
Good to hear you're done now.
No pain no gain… real enemies are going to try and take you down, not polish off and improve things
Embrace the chaos
Are you now working on solutions?🤔
"Hopefully it was not too disruptive to ordinary users."
You failed on that on
@theduck
What did you in advance (solving the spam problem) before taking action unleashing that amount of spam?
View quoted note →Think of it as free beta testing. If one bottom feeder can break your relay, you have serious work to do.
behind a duck? not really
Exactly, we need people attack nostr all the time to make it stronger…
At least the truth came out. That's what matters
If your intentions weren't malicious, it's worth pointing out that this was poorly timed. New people from back-to-back conferences, the telegram thing, and the Brazil/X thing probably hadn't even a chance to figure out how to manage relays, let alone how to manage spam.
it was more effective than my 9 months of saying "wen auth" tho
👀👀
I'm just saying, as an ordinary user, maybe try to minimize harm, if strengthening is the goal. This would have been just as "effective" during a period of stagnation.
When? My assumption is they are already here. Why? Governments who seek to maintain control always seek out anything that stands against it. #btc & #nostr both challenge modern society.
Once Jack Dorsey endorsed this place it would have definitely been monitored if not before then.
Been saying for months that narrative warfare never takes a break. It will get worse. This is the nature of any #war. Information war is just another one. #AI will continue to get more targeted. Many won’t know if they are speaking with a human or bot 🤖. To be fair it’s already been happening for years but will continue to imbed in all systems.
Again, how humanity deals with #AI the next 10 years will echo for generations.
Already gave my empathy & explained my views to
@npub1vj0w...mfew on this.
Heard. I understand why you did it. Appreciate you taking the shrapnel. Hugs 🫂
THIS IS GOOD 😊 to hear.
Well said.
Why? 😂 Admitting that you threw out a fire strike to make the ecosystem stronger shouldn’t require this.
FACTS!!! Boots on ground formerly. Learning cyber warfare to be of service to humanity.
An ordinary user below said they weren’t effected. It appears this was a targeted attack against only developers.
Truly malicious actors won’t care.
i think the latent frustration behind these "attacks" will become clear in coming weeks
me,
@semisol and
@shinohai have all been shouting about the culture problem in nostr dev
and yeah, if it had been me doing this, i'd only have spammed replies on threads of the devs, because they are the ones most impervious to the message
i also don't agree with the retarded indiscriminate nature of the spectacle, it could have been a lot more selective, because it drove away a lot of tentative newbies
🤣🤣🤣
The "civilian casualties" could have been reduced 😅 Not a single one of my adoptees has stuck around through this.
Ifs, buts, and coconuts & all that... timing is everything. I know how it is to have an idea & want to act on it right away. It's not always the best decision to do so.
That the time and resources can be stolen so easily is the problem.
PPN (pay-per-note) is the future.
Otherwise all incentives will align with centralization and walled gardens. The cypherpunks knew this. Bitcoin is the base layer to a larger decentralized solution.
As of now, 11.2% of Genesis-000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f branch realities have already figured that out.
When will we?
Control issues
well, i'm not apologising for it, i'm just saying that i had been warning about this
what is even more hilarious is the people doing it are doing it to make a dig at the devs, but not being very selective (they should have just been targeting their npubs only, IMO, to disrupt their lives instead of everyone)
anyhow, nostr isn't going away, but a lot of rockstar in group devs have faces covered in egg at this point, and i'm gonna enjoy that for a while
also, it's worth pointing out that with the hemorrhaging of userbase like this all those fancy pants are gonna be extra shamed out of this because they had plenty of time to make the system more resilient
Brilliant
Yes, I have been pinged by the bot.
Wood gork!
Theduck said he hoped it wasn't too disruptive. I was just offering some input on how to, perhaps, be less so, if that was a truthful statement. That's all.
yeah, it was disruptive, but he says he not replyguy, i only even saw one of this dumb things, didn't seem that big a deal to me, just some nutter
i mean, honestly, the replyguy notes are easy to recognise, all of them have the URL of the relay they were posted to at the end of them...
i think that replyguy actually has highlighted the fact that the majority of nostr client devs don't have basic programming skills like writing regexp
Why is this on the client devs and not relay operators?
Seriously, no client dev should be writing specific spam regex.
outbox model is client side, it's key to decentralization as well
write permission for relays is a separate thing, that's to conserve their resources
for example, and why i currently am not using coracle, it reads from relays in my follows lists, of which many of them include the relays targeted by replyguy, damus and primal being the two i see most often
why should it be reading from relays that aren't in my relay list, of events that are not of my follows, or my follows follows?
the default posture should be conservative for this client behaviour, so this is an example of how client devs need to take part in it
nostrudel is the best for fully implementing outbox model, IMO, though gossip and coracle both are not terrible
There is never a good time for attacks. The best time is now.
enable zaps
Plot twist:
@fiatjaf is the reply guy.
if it is true, those clients are f*cked! 😬 or we are f*cked too 🙈 I have been asking if anyone has done red teaming (pentest) on nostr. 🤞🤞🤞Any takers from our anon friendly white hats? ☺️
regex is too complicated and if not properly done, without following the basic foundation of programming, it can be a disaster: a) audit and continuity b) could open to a can of vulnerability. 🙈😬
