Comments

2

go1dfish wrote

Thanks, that site helped me get things sorted out and I think they should be good now.

Was using he wrong pem file.

Readjusted my config based on this:

https://gist.github.com/nrollr/9a39bb636a820fb97eec2ed85e473d38

2

go1dfish wrote

Totally understandable. Plan to provide an install able app eventually as well but it will likely just be an electron wrapper around the existing code.

More active in terms of links, probably less active in terms of comments right now but a bit hard to say given that it is anon my default.

My aim is to build a p2p/federated alternative to centralized sites like reddit and raddle that will eventually be usable to connect those distinct alternatives together retaining their uniqueness.

I'm building it based on reddit's open source UI which I have converted to react components (as seen on https://snew.github.io also requires js)

I plan to only support writes in JS because all authentication is crypto based and happens clientside don't want to accept passwords serverside at all.

Also I worry that if I provide more traditional post endpoints in such an anon environment it will make things way too easy for spammers at this stage.

And finally, voting is a proof of work problem, so to be able to vote on notabug.io at least; it is a requirement to run a pow solver locally. Voting isn't required to participate now; but if spam gets heavy it will become effectively necessary to raise above noise.

1

go1dfish wrote

Yeah I don't know what's up with that I'm using let's encrypt and certbot, I think it might have to do with a server move.

It only happens for me in tor browser and not in any other browser, genuinely confused.

Try https://www.notabug.io/ instead maybe?

Also site currently requires javascript, because it's built that way but I hope to get serverside rendering working sometime this weekend. WIll likely be read only this way for the foreseeable future.

You can download/build your own instance though and avoid browser security entirely if you like.

2

go1dfish wrote

This is why I went with anonymous by default for https://notabug.io

Want the site to focus more on ideas than individuals; I think the petty interpersonal drama and pigeonholin that happens on sites like this can be quite destructive.

I mostly just lurk here myself, I don't have any other accounts in case anyone else was wondering.

1

go1dfish wrote

Turns out I was wrong.

There is a (WIP?) python implementation of gun

https://github.com/xmonader/pygundb

So nab support would be making sure that was complete and then adding code to do the schema validation like this:

https://github.com/notabugio/notabug/blob/master/src/lib/nab/validate.js

1

go1dfish wrote

Currently the only implementation of the gun protocol is the javascript implementation of gun.

NAB doesn't really have a protocol beyond that as much as it has a data schema it enforces on top of the database arising from that protocol.

2

go1dfish wrote

I can totally understand this perspective and it's why I do want to explore serverside rendering.

But it does mean a tradeoff in this case, espescially once I support logins.

With the thick client approach, the logins I plan to use happen entirely client-side and your password is never transfered to the server at all.

This isn't possible with static web pages, you have to trust the web frontend you use to not steal your password.

That's just one example, but there are others.

Right now to the nodes it is much more difficult for a node to tell who is reading what (once the app is running) than if requests were coming in through a traditional url structure for every request.

The whole point of nab is putting as much choice as possible in the hands of end users and I do hope to eventually give users the option to make the above trade-offs as desired if someone else doesn't beat me to it.

2

go1dfish wrote

Because in your setup you must trust the site fully anyway.

This is not necessarily the case with the notabug approach if you can trust the code instead. You can run your own local copy of the js app, and/or you can verify in the browser that the app is not talking to or saying anything it shouldn't.

It's totally a valid concern, but the reasoning behind this approach makes javascript a necessary evil at this stage.

Other distributed aggregator projects like aether require software downloads, and I think that is a heavy barrier to entry.

Notabug users still have the option to use local software and if the gun protocol is ported to other languages it should be possible for different client builds to interact.

3

go1dfish wrote

Sure.

The core of nab is the gun database system:

https://gun.eco

It's a distributed p2p graph database in javascript.

It handles real time replication of data and changes.

Nab is built by defining additional validation rules for the incoming gun data to define a schema for the data that clients/peers enforce on each other.

Part of this schema is that the identifier for post data is based on a cryptographic hash of the post data, this and the validation makes post content effectively immutable. (For legal or other takedowns peers can replace their local data, but other peers can recognize the tampering since the hash wont match)

Voting is accomplished by a proof of work problem on those identifiers + "ups" or "downs" or whatever type of vote you want to track (nsfw marking will likely work similarly)

The most interesting code is here:

https://github.com/notabugio/notabug/blob/master/src/lib/nab/validate.js

https://github.com/notabugio/notabug/blob/master/src/lib/nab/read.js

https://github.com/notabugio/notabug/blob/master/src/lib/nab/write.js

All the details of the networking and replication are handled by gun, which is what made this so simple to develop.

Currently gun has some pretty major performance issues serverside, but the dev behind it is working hard to address.

1

go1dfish wrote

This is a known issue.

If you want to stay safe and anon while using nab the safest option is whonix or qubes which will allow you to run the JS in a vm that if compromised still shouldn't reveal your network location.

In the future, serverside rendering could could be provided by peers but that requires trusting the peer.

1

go1dfish wrote

Yeah I figured, but I was :) If this thing takes off I do hope there will be multiple implementations.

Some people are already doing some forks with changes, but they are mostly UI differences.

3

go1dfish wrote

Yeah I'm not sure how to handle that, nab the hosting site is obscure enough that it didn't seem like too big of a deal. I'm certainly not attempting to feign any association with them but I kinda like the irony of hosting nab on notabug if it wouldn't cause too much confusion.

I call it not a bug as a callout to Aaron Swartz.

I think all censorship should be deplored. My position is that bits are not a bug.

Not a bug was the name of reddit's parent company while Swartz was a founder.

http://archive.is/eBNaf

http://archive.is/d4NPt

4

go1dfish wrote

Really there is very little of my own code driving this, it took me about a week to build this out.

Gun db is doing most of the work, and porting that to python would get you 90% of the way to having a python peer for notabug.

https://github.com/amark/gun

Really for the purposes of providing hosting, you'd only be missing notabug's schema validation code.

3

go1dfish wrote (edited )

It's currently massively unoptimized.

Voting is intentionally slow and cpu heavy as it is a proof of work problem.

In some respects it will feel faster as it manages data locally.

The communications are real time, you can have live chats in threads.

It's p2p by design and right now there are no escape hatches. Your browser is sorting and counting votes, things that will eventually be more federalized and handled at the server level.

It will likely always be more heavy than postmill, but with that will come some additional benefits. Software is always about tradeoffs.

3

go1dfish wrote

Glad you find it useful, more likely it is the reddit admins that are to blame and the sub would be banned entirely if the mods did not intervene for such comments.

Similar thing led to the shutdown of r/uncensorednews

2

go1dfish wrote

Yes, though I prefer to use the term voluntaryist as I believe it more accurately describes my philosophy and tends to make the AnComs less angry about what they perceive as an appropriation.

1

go1dfish wrote

It's generating the same dom as reddit in the end, it should be easily adaptable to a js-free serverside rendered approach.

Another approach to mitigating these issues is a locally installed application.

I'll admit to not being an accessibility expert, but if frontend JS can be accessible at all, then notabug should be roughly as accessible as reddit.

2

go1dfish wrote (edited )

Yeah I'm hoping for that. I'm aiming to have full compatibility with existing subreddit styles when I add community features.

Other clients can do what they want though, at least one other user is working on a leaner UI rewrite using jquery.