From 718568d2f53dbda99428c8e7496ed7e49cc399f6 Mon Sep 17 00:00:00 2001 From: Mike Dilger Date: Wed, 4 Jan 2023 12:39:02 +1300 Subject: [PATCH] README update --- README.md | 67 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index f4fca11c..6b1d4201 100644 --- a/README.md +++ b/README.md @@ -2,36 +2,51 @@ Gossip is a desktop client for nostr. -Nostr is a social media protocol and ecosystem, kind of like Twitter, Mastodon, Gab, Post, Gettr, Farcaster, Truth social, BlueSky, Locals, Minds, Spoutable, etc, etc.... except that you control your own account and nobody can silence you so long as some relay operator somewhere allows you to post. People are finding many additional uses for nostr that go far beyond just chatting, but this client is focused on chatting. +Nostr is a social media protocol and ecosystem, kind of like Twitter [^1] except that you control your own account and nobody can silence you so long as some relay operator somewhere allows you to post. People are finding many additional uses for nostr that go far beyond just chatting, but this client is focused on chatting. Nostr stands for "Notes and Other Stuff Transmitted by Relays." +[^1] and Mastodon, Gab, Post, Gettr, Farcaster, Truth social, BlueSky, Locals, Minds, Spoutable, etc, etc.... + ## Status -Gossip is currently early alpha-quality code. As of right now you can (if you aren't stopped by some bug): +Gossip is currently alpha-quality code and I do not recommend using it as your main client at this point. But it is getting close to the point where I will be able to remove that reommendation to not use. So adventurous souls may try it out to see what it will be like. -- [x] Follow people by user@domain (NIP-35) or by public key (hex or bech32) plus a relay where they can be found, or by finding them in the feed, clicking their avatar, and choosing to follow them on their page. -- [x] See the feed of posts by those people, threaded or not, including avatars and reactions. But many events you may be interested in (such as replies to your own messages) are not queried for yet. -- [x] User-control of when to search for missing events (events that are referred to by events you have), and a display of how many of them are known about and are missing. -- [x] Generate or import (hex or bech32) a private key (your identity) and it is kept by the client encrypted under a password that you need to unlock it every time you start the client. -- [x] Choose relays to post to (from among some starting relays, plus ones the client has seen in events), including entering a relay URL directly. -- [x] Post root-level text messages and reply to messages (but not yet react, quote, or boost). +As of right now you can (if you aren't stopped by some bug): + +- [x] **Seeing other people's posts** + - [x] **Follow people** by user@domain (NIP-35) or by public key (hex or bech32) plus a relay where they can be found, or by finding them in the feed, clicking their avatar, and choosing to follow them on their page... and unfollow people. + - [x] **See a feed of posts from people you follow** including avatars and other user metadata, and reactions to these posts. + - [X] **See threads related to a post** including ancestors and replies, although it may not be working as good as it will eventually work just yet. + - [X] **See a list of posts of a person** on their person page + - [X] **An ability to query relays for missing referred-to events** by pressing a button. +- [x] **Creting content** + - [x] Generating a key that is kept securely within the client encrypted under a password that you need to unlock it every time you start the client. + - [x] Generate or import (hex or bech32) a private key (your identity) (also kept under a password) + - [x] Choose relays to post to (from among some starting relays, plus ones the client has seen in events), including entering a relay URL directly. + - [x] Post root-level text messages + - [x] Post replies to other people's text messages + - [x] React to other people's text messages, but only in the simplest way with reaction of "" which is interpreted as a like or upvote. ### Missing Critical Features -- [ ] Setting your metadata and syncing with the network +- [ ] Exporting your private key in any format (encrypted or unencrypted in bech32/hex format), although you can pull the encrypted private key from the database with an SQL command. +- [ ] An inbox of replies to your posts (they are loaded, but you have to go into each feed to find them, they are not collated into an inbox) +- [ ] Setting your metadata and syncing it with the network. - [ ] Syncing the relays you use with the network - [ ] Seeing who other people follow (contact lists) -- [ ] Seeing replies and/or reactions to your own posts by people you didn't directly follow +- [ ] Choosing not to see replies and/or reactions to your own posts by people you didn't directly follow - [ ] Good Emoji support (many are still tofu characters) -- [ ] Reacting, quoting, and boosting posts +- [ ] Quoting and/or boosting posts - [ ] Muting people -- [ ] Content of posts being rendered well (links, references, images, videos, etc) -- [ ] NIP-05 backend verification -- [ ] including a helpful URL in reply events (important for your post thread to be found) +- [ ] Content of posts being rendered well (references, images, videos, etc) +- [ ] NIP-05 backend verification (many are crossed out because it's not trying) +- [ ] Controlling which relays the client may connect to (currently it will dynamically find relays and connect if it thinks those relays have the event it wants, and you can't configure it to not do that) ## Development Ideology +- **High user control**: The plan is for the user to be in control of quite a lot of settings regarding which posts they see, which relays to talk to, and when to fetch from them, but with some sane defaults. +- **Key Security**: Private keys need to be handled as securely as possible. We store the key encrypted under a passphrase on disk, and we zero out any memory that has seen either the key or the password that decrypts it. We also keep the decrypted key in just one place, the Signer, which doesn't provide access to the key directly. Eventually we will look to add hardware token support, probably first using programmable [Solo keys](https://solokeys.com/) because I have a few of those. - **Portable** design intended for the **desktop**: This is intended to run on desktop computers, but not limited as such. The platform must be supported by rust (most are), and SQLite3 needs to store its file somewhere. The UI will run on anything that runs one of these backends: - OpenGL (via glium or glow) - OpenGL ES (via glow or wgpu) @@ -40,10 +55,9 @@ Gossip is currently early alpha-quality code. As of right now you can (if you ar - Metal (via wgpu) - DirectX 11/12 (via wgpu) - Browsers (via WebAssembly) -- **High-enough performance**: the network speed should be your limiting factor on performance, not the UI or any other part of the code. It doesn't matter too much how fast the code runs as long as it is always faster than the network, and I think that's definitely true for gossip. However due to our use of an immediate-mode renderer which computes and redraws frequently, we will continue to try to minimize the CPU impact of that hot loop. -- **High user control**: the plan is for the user to be in control of quite a lot of settings regarding which posts they see, which relays to talk to, and when to fetch from them, but with some sane defaults so you don't have to change anything. -- **Privacy Options**: in case someone wishes to remain secret they should use Gossip over Tor - I recommend using QubesOS do to this. But you could use Whonix or even Tails. Don't just do it on your normal OS which won't do Tor completely. Gossip will provide options to support privacy usage such as not loading avatars, having multiple identities, etc. -- **Key Security**: private keys need to be handled as securely as possible. We store the key encrypted under a passphrase on disk, and we zero out any memory that has seen either the key or the password that decrypts it. We also keep the decrypted key in just one place, the Signer, which doesn't provide access to the key directly. Eventually we will look to add hardware token support, probably first using programmable [Solo keys](https://solokeys.com/) because I have a half dozen of those. +- **High-enough performance**: Generally the network speed should be your limiting factor on performance, not the UI or any other part of the code. It doesn't matter too much how fast the code runs as long as it is always faster than the network, and I think that's definitely true for gossip. +- **Easy-ish on CPU/power usage**: We can't achieve this as well as other clients might because we use an immediate-mode renderer which necessarily recomputes what it draws every "frame" and may redraw many times per second. We are working hard to minimize the CPU impact of this hot loop. Try it and see. +- **Privacy Options**: in case someone wishes to remain secret they should use Gossip over Tor - I recommend using QubesOS do to this. But you could use Whonix or even Tails. Don't just do it on your normal OS which won't do Tor completely. Gossip will provide options to support privacy usage such as not loading avatars, having multiple identities, not necessarily sharing who you follow, etc. ### nostr features supported @@ -58,7 +72,7 @@ We intend to support the following features/NIPs: - [x] NIP-10 - Conventions for clients' use of e and p tags in text events - [ ] NIP-11 - Relay Information Document (partial) - [ ] NIP-12 - Generic Tag Queries -- [ ] NIP-13 - Proof of Work +- [x] NIP-13 - Proof of Work - [ ] NIP-14 - Subject tag in text events (partial) - [x] NIP-15 - End of Stored Events Notice - [ ] NIP-16 - Event Treatment @@ -80,19 +94,18 @@ We do not intend to support the following features/NIPs: ### other features worth mentioning -- [x] threaded or linear - [x] configurable look-back time - [x] dark/light mode - [ ] semi-secure handling of private keys by zeroing memory and marking them Weak if displayed or exported (partial) -- [ ] exporting/importing of private keys with a passphrase (partial) +- [ ] exporting/importing of private keys with a passphrase (partial, no export yet) - [ ] multiple identities -- [ ] user management of relays (read/write), including ranking (partial) +- [ ] user management of relays (read/write), including ranking (partial, no ranking ui yet) - [ ] choose to load from another relay with a button press -- [ ] choose what posts to see beyond direct posts of people you follow: replies, events replied to, posts liked by people you follow, post made by friends of friends, global on a relay, or global. -- [ ] mute someone -- [ ] mute a message -- [x] dismiss a message without blocking for future sessions -- [ ] follow people privately or publicly +- [ ] choose what kinds of posts to want to see. +- [ ] block lists, word filters, etc. +- [ ] mute a specific post +- [x] dismiss a specific post without blocking for future sessions +- [ ] follow people privately or publicly (currently entirely private, not synced) ### What Gossip Isn't