someone's avatar
someone
npub1nlk8...jm9c
someone's avatar
someone 2 years ago
This is a really big deal!! Vitor broke the whole web 😄 As far as I understand the javascript at the link loads an HTML page, a CSS file and another javascript file all hosted on Nostr relays and renders a web page. View quoted note →
someone's avatar
someone 2 years ago
This account started publishing NNS (30053) notes using the Nostr Signing Device. The private key is not touching the computer. npub1rmrgzrc6u9ztuy6tnu62kzfnd2ev6gp899927fh2q6fsx6r7kztsugundg
someone's avatar
someone 2 years ago
== How to configure Nginx to use a backup relay when one crashes == TLDR: More reliable relays, happy users. This may be a tip for new relay operators. Experienced ones might find this boring. I have been playing with some configurations in order to make my relays more reliable and closer to the users. Overall user experience should increase. While doing that, several days ago Northwest USA copy of nostr.mom crashed once. The reason was probably my spam filter using a lot of memory or the cloud server running 3 strfry instances (1 relay and 2 streams) at the same time. The server had 16GB memory and it was not enough for all of these it seems. Strfry depends on LMDB and LMDB uses a lot of caching, this temporarily results in less amount of completely free memory. Apps that cant find memory can be crashed by linux. I had to find a way to redirect users to the other server when a crash happens. e.nos.lol has two copies now. I am going to use A and B for representing IPs. One is at A.A.A.A, and the other at B.B.B.B. Any user on the planet is redirected to one of these, whichever has lower latency for him. But what will happen if the relay software (strfry) crashes in one of the copies. Is there a way to send users to the other server automatically? The DCs, hardware and nginx are reliable and ancient technologies. Strfry is very reliable too but if another process is eating a lot of memory linux can decide to close one of the processes on the same machine even though they were playing safe. By the way recent suggestion for strfry runners is to use some swap space to be on the safe side! I think this makes freely allocatable memory to be a big amount (that includes the free space in the swap). I checked my latency based DNS service, bunny.net, they were offering a solution that involved pinging servers. But my hardware was fine and I needed a solution that checks the websocket server (strfry). Then I figured I can use nginx reverse proxy feature to achieve my redundancy goals! If a relay crashes nginx can use the backup websocket server. Then users would not see the relay as offline. It would be slow to fetch notes from a distant server but it would still be functional until the other server was restarted. This is the config on B.B.B.B that does that: upstream backend { server 127.0.0.1:7777; # this is the normal relay that runs on B.B.B.B server A.A.A.A:7777 backup; # this is where nginx will fetch from, if the above strfry instance fails } server { server_name e.nos.lol; proxy_next_upstream error timeout http_502; location / { proxy_pass http://backend; # ..... other stuff } # ..... other stuff } A similar config should be on A.A.A.A. Both servers should have firewall entries that would allow the nginx on the other server to communicate: sudo ufw allow from A.A.A.A sudo ufw allow from B.B.B.B If the local relay is running I can fetch 50 records in 0.3 seconds. If the local relay fails, nginx uses the distant relay and then I can fetch 50 records in 0.7 seconds. This increased latency shows that the packets are moving between B and A. You can say "why so much trouble, you could just make a service and it would restart the relay". But what if it doesnt restart for some reason? Or write policy plugin fails to restart, nobody can write? One of my scripts takes long time to load (thank you spammers)!
someone's avatar
someone 2 years ago
My experience while setting up a Nostr signing device Why: Copying nsecs between apps is a bad practice, we need to store keys securely. For bitcoin, hardware wallets are the way. For Nostr I am trying this new device. Back story: I operate nos.lol and rely on DNS infrastructure for users to find me. Basically DNS converts nos.lol to a machine address: 88.198.51.48. But DNS is ancient and has its own problems, could I just publish the IP on Nostr, and users could find my relay on Nostr itself, that way we could get more independent! While I was thinking about this Vitor talked about how much trust is given to servers in current protocols, and mentioned that DNS is one of them: View quoted note → Then I proposed something like this: Kind: 30053 meaning nostr name system (NNS). Tags: [['d', 'e.nos.lol.nns.'], ['ip4', '5.161.158.164'], ['version', '1']] This means e.nos.lol in the NNS system resolves to 5.161.158.164. If anyone trusts my pubkey to be authority regarding the e.nos.lol they could find a note with e.nos.lol.nns in it with kind=30053 anywhere on Nostr. This frees us from the existing DNS. (e.nos.lol is a relay where I try things and play with new toys). For this I needed to find a secure device that can hold the private key that will sign those notes. My current public key is old and I copied the private key to various apps and it may not be secure.. What I did: I found this page,
GitHub
GitHub - lnbits/nostr-signing-device: Signing device for Nostr
Signing device for Nostr. Contribute to lnbits/nostr-signing-device development by creating an account on GitHub.
 which seems to be DIY’ing it. I have no relation to these guys and can’t vouch for how secure they are and they may rug pull. So use discretion and caution and I am not responsible for what you do and not responsible for stolen keys! I bought the device and it arrived in 4 days. Some unboxing pics:
image image
After I inserted the USB-C, the device boots and I didn’t worry about the messages: image I installed the chrome extension here: https://chrome.google.com/webstore/detail/horse/ogdjeglchjlenflecdcoonkngmmipcoe I went to this page to flash: https://lnbits.github.io/nostr-signing-device/installer/ image I inserted the USB-c cable to the device. Clicked Flash and this is shown: image I select the USB, and it connected! Showed these options: image I clicked Install. After a few minutes now the device is flashed. I clicked Config, then Connect and copy the private key in hex format. The nsec format won’t work: image Clicked “Save to Device”. Now the device shows: image I went to iris.to and clicked “Nostr extension login”. Now I can see it is copying the npub from the device and logging on to Nostr! image Iris says this and it is good: image The horse is ON! image I tried signing with it with a reaction note (Likes on Nostr). It worked again! I couldn’t make it to work with Snort or Primal though. Also I have to find a way to connect Python scripts to this tech in order to publish NNS notes.. Conclusion: Not all websites supported it but still being able to connect to Nostr without exposing the private key is pretty big deal! I am sure this will get better in the future.