Episode summary
Nobody uses PGP encrypted email anymore.
Everybody moved to Signal or SimpleX.
And no sane person will undertake the massive effort to build a web of trust from the ground up just to verify a few downloads a year.
But if a socially active network of cryptographic key pairs happens to exist, all of a sudden utility massively increases, and the effort of building a network of trusted developers goes down.
Since trust is a problem of social nature, there is no better way than deriving it from a naturally social context.
Keybase got the idea right, but Nostr is uniquely positioned to solve this problem.
Even your mom can now cryptographically verify a downloaded app.
The best in Bitcoin made audible.
I am Guy Swann, and this is Bitcoin Audible.
What is up, guys?
Welcome back to Bitcoin Audible.
I am Guy Swann, the guy who has read more about Bitcoin than anybody else you know.
This show is brought to you by the BitKit sovereign on-chain and Lightning wallet on mobile.
It is a fantastically designed and simple mobile wallet.
If you're looking for one that has really good integration and is just super intuitive, BitKit is a fantastic one to check out.
And the Jade Plus hardware wallet. If you have not seen this baby, check out my unboxing video on Twitter, Nostr and YouTube.
I've had a number of people say they really liked it, and it was really fun to do.
But you can get 10% off with code GUY, g-u-y, at checkout.
Link and details are right there in the description.
If you just scroll right down, just kind of lift up the page on your mobile.
All those deets are right there.
Alright.
We got a fantastic little article.
This is about Zap Store and why it is.
And I don't mean it's, like, about Zap Store the project.
I mean, it kind of is about Zap Store the project, but they don't mention themselves.
This is written by Zap Store, or the developer of Zap Store.
But it's about the idea of decentralizing the app store itself and what the challenges are that have prevented this from being a successful thing in the past, while you have not been able to verify or attest to the integrity of a direct download or a direct payment from a developer or a company or a server, whatever it is.
And this is why you have these giant centralized platforms essentially being used to band-aid over, to duct-tape over, this enormous problem of authentication and payment and trusted sources of information, to be able to cryptographically know you are downloading the right thing from the right person. But all the pieces of the puzzle that you actually need to make this possible, and to do those seemingly massive tasks, are conveniently provided by default, thanks to Nostr and Bitcoin.
So let's dig a little bit more into the specifics of the problem and why it is that Nostr and Bitcoin may change the structure and nature of the very networks by which we obtain all of our content and applications.
So with that introduction, let's go ahead and jump into today's article, and it's titled "Can Nostr Fix App Distribution?" by Zap Store.
There are four angles from which I want to discuss this topic: discoverability, security, reputation, and monetization.
The app store model, a curated catalog of applications, addresses these in various ways and is by far the most common distribution method.
Google Play Store and Apple App Store lead the pack with around 95% market share outside of China.
Along with other Android stores, Amazon Store, Samsung Galaxy Store, and the Microsoft Store, they are the major proprietary closed-source stores.
They control every link in the distribution chain.
Open source stores work a bit differently.
The store UI can manage apps from multiple repositories.
For the most part though, they are used with the default one: F-Droid with their official repo, Snap (Ubuntu Linux) with Snapcraft, Flatpak (Linux) with Flathub.
App stores are the only realistic method to distribute applications to humans at scale.
But current implementations have important shortfalls.
They are all, in varying degrees, trusted third parties offering convenience at the expense of sovereignty in different ways.
Discoverability
High quality search, trending lists, and recommendations are important factors for app discovery.
The main stores are tightly integrated with their respective operating systems, so they are the user's default go-to.
This creates a strong incentive for developers to publish there, and this results in a rich app ecosystem.
But centralization has its problems.
The algorithms of these stores may prioritize promoting content, displaying ads, or making it difficult to discover niche apps.
They regularly censor due to state regulations and corporate agendas, or just for some random reason.
The iOS App Store is the most problematic of all.
There are no alternative ways of installing apps other than going through tedious hoops.
The recent third-party app store changes in the EU are a complete LARP.
Marketplaces must still get permission from Apple, and only a single version of an app across different stores is allowed.
Open stores do not censor, and anyone can add their own repository.
But this extra step also hurts discoverability.
One can of course find apps outside the realm of an app store, for instance from links shared on social media.
Furthermore, major stores are split into countries and regions due to legal or regulatory requirements, so apps available in one area may be invisible in another.
Enabling localized content may improve discoverability because of the increased cultural relevance.
An app store on Nostr, on the other hand, could leverage borderless social connections, which is way more relevant than a geographic silo.
Discovering new apps could become more like getting personalized recommendations from your friends, as opposed to browsing a generic list created by minions at a faceless corporation.
Other handy features such as NIP-51 could bring curated app lists to one-click bulk install, a la Ninite, both as personal backup or as recommendations.
Security
Here I'd like to talk about a few key aspects separately.
Transmission security: checking file integrity via digital signatures to prevent tampering.
Application security: scanning packages for malware and enforcing OS-level runtime security.
Privacy: preventing private information or metadata leakage.
Transmission security
Apple and Google prevent in-transit attacks through public key infrastructure. They provide developers with signing certificates in addition to controlling app store front ends, domains, and file servers.
On Android, signing keys are pinned upon first installation and are enforced on all subsequent updates, along with a mechanism for key rotation.
This is the SSH model, also known as TOFU (Trust On First Use).
While it's possible to add custom repositories, F-Droid builds from source tarballs, hosts, and self-signs all but a few packages in their official repo.
This has an important downside.
You need to trust them not only on the initial install, but on every single update.
F-Droid does not build non-free software and has a host of other issues.
IzzyOnDroid is probably the most popular F-Droid alternative repository, focused on providing a curated list of APKs excluded from F-Droid official.
The main difference between these repos is that Izzy hosts APKs signed by developers.
Obtainium is closer to the Izzy approach.
It offers no curation but removes one trust layer, as packages can be fetched directly from developers' source repositories.
Signature verification is not yet implemented, so for now you need to fully trust the host, mostly GitHub, run on Microsoft infrastructure.
AppVerifier is the proposed integration, a step in the right direction but yet another centralized solution relying on certificate hashes rather than developer signatures.
It is common, especially among open source developers, to use PGP to ensure artifact integrity, preventing attacks such as phishing, domain hijacking or malicious repositories.
PGP relies on a web of trust to verify the authenticity of signatures.
It's a good idea, but far from perfect in practice, as it's very challenging to determine trust levels transitively.
There is no purely technical solution to the problem of trust, but some choices in the design and implementation of PGP make it even harder.
I'm a developer and regularly get software in this way.
I still find it challenging.
Obviously, obtaining a hash or fingerprint sitting next to the binary makes no sense, so I usually pull keys from one or two reputable key servers that match some known developer's fingerprint.
Fingerprints are not the full PGP key.
While it's probably okay, key servers must be trusted, and there have been reports of malicious actors duplicating short key IDs in the wild.
The optimization of security at the expense of user experience leads most users to choose insecure tools over secure ones, so PGP unfortunately did not reach any significant level of adoption.
Keybase was a very interesting attempt to improve this situation by mapping users' social identities to PGP encryption keys.
Their focus was scattered: messaging, file sharing, etc.
And then the team was acqui-hired by Zoom in 2020.
Development seems to have virtually stalled ever since.
Could Nostr's web of trust be the missing ingredient in the secure transmission of packages?
Nobody uses PGP encrypted email anymore.
Everybody moved to Signal or SimpleX.
And no sane person will undertake the massive effort to build a web of trust from the ground up just to verify a few downloads a year.
But if a socially active network of cryptographic key pairs happens to exist, all of a sudden utility massively increases, and the effort of building a network of trusted developers goes down.
Since trust is a problem of social nature, there is no better way than deriving it from a naturally social context.
Keybase got the idea right, but Nostr is uniquely positioned to solve this problem.
Even your mom can now cryptographically verify a downloaded app.
Let's imagine that Craig Raw's nsec was compromised.
Once aware, he could use NIP-41 to perform a key rotation and make the fact public to his Nostr social graph.
This action would occur relatively fast, circumventing the need for updating key servers and waiting for global synchronization, which might never happen.
In PGP, a single breach can affect entire branches of the web of trust tree, potentially causing widespread damage with very delayed detection.
Indexing packages for discoverability vastly improves UX and can be performed by any network participant, since these are merely suggestions and packages are always signed and verified.
Application security
Both the Apple App Store and Google Play Store have their own procedures for reviewing apps before they become available to users.
They involve human and automated processes and aim to ensure app quality, security, and compliance with their policies.
This approach is not foolproof though: some malicious apps can still slip through the cracks, and when it does, it's pretty bad.
Note from Craig Raw, January 6:
There is still a scam Sparrow Wallet app in the Apple App Store despite myself and others having reported it weeks ago.
Worse, you have to install it to report it.
Always go to the wallet's website to find the link to download it.
App stores will not protect you.
Note from Oscar P.:
Yet another Bitcoin theft.
The Apple App Store for iOS has published a range of fraudulent Bitcoin wallet apps.
My friends succumbed to the Electrum Wallet Management app, typed their seed phrase in, and money gone.
Details follow here.
Worse yet, they give the illusion of security.
These big tech backed proprietary walled gardens pose additional security risks due to their opaque nature.
Corporations are the low-hanging regulatory targets in a world of ever increasing state surveillance.
Never forget: trusted third parties are security holes.
Open stores appear to be more transparent but still require users to place significant trust in them.
F-Droid's official repo builds from source tarballs, so you need to trust the developer, F-Droid, and the transmission of data between them.
Something similar happens with Flathub, which in addition hosts binaries packaged by third parties, yet another layer of trust, as these community-run projects lack resources.
Guess what fixes this?
And just like with direct downloads, you also need to trust binaries like an APK to correspond to the source files, unless they use reproducible builds like Signal does.
In terms of malware and privacy protection, Android's Play Protect checks APKs when installed from non-Google Play sources.
Open stores provide scanning via tools like VirusTotal, Exodus Privacy, and Blacklight, but the user can't really pick and choose.
On Nostr, a market of DVMs specialized in app security auditing could arise as a reputation mechanism for developers, as tools for end users, or both.
Once apps are installed, privacy and security become an operating system level concern.
Sandboxed execution and varying degrees of permission controls to file system, peripherals, network, and so on are used to mitigate further security issues.
An app that does not use the Internet should not be granted access to it.
Firewalls like Little Snitch, or OpenSnitch for Linux, are examples of third-party software that is crucial for maintaining security and privacy.
Craig Raw is a developer that I trust, but after configuring Sparrow to work completely offline (node in my LAN, disabled mempool fee estimation, etc.), I was surprised to find an HTTP request to sparrowwallet.com with OpenSnitch, which I immediately denied.
Is Craig rugging my hot wallet?
I went straight to the source code.
Turns out it was a simple version upgrade check.
So yes, these tools aid us immensely in our strive to verify, not trust.
Privacy
All app stores know the exact set of programs you use.
Apple and Google in particular have a double incentive to harvest this data: on the one hand to produce accurate recommendations, and on the other hand to sell it to data brokers.
Privacy would be significantly improved by making direct downloads easier to verify by anyone, incentivizing the use of privacy-respecting FOSS, and switching to trusted DVMs for recommendations and security audits.
Reputation
Even if an app is perfectly safe, is it worth your time or money?
App stores allow users to review the apps they use.
This has its limitations, as ratings and reviews can be easily gamed in these centralized systems.
Having a decentralized review system can actually make it worse.
Spam and Sybil attacks are relatively cheap unless the view of the network can be trusted.
And that is exactly where Nostr comes in.
NIP-32 reviews constrained to a pubkey's web of trust would be the perfect fit.
This type of information is not only useful for other users, it also serves as a feedback mechanism for developers.
Many of them derive value exclusively from reputation.
But there is a better way.
Monetization
Options for charging money are available on the main stores, but the bullies want their cut.
Apple and Google take hefty 15 to 30% commissions on sales and charge developers additional fixed fees.
Virtually all users and developers need to be KYC'd, as they are only allowed to pay by digital fiat means and are forced to use archaic SMS verification.
Apart from the privacy concerns, this excludes billions of unbanked users from buying paid apps, and unbanked developers from even publishing them in these stores.
Interestingly, it also marginalizes autonomous AI systems that were tasked to publish an app.
A vast majority of the applications published on big stores are free, with a huge percentage of them relying on advertising, exacerbating the attention problem.
Open stores offer no monetization options other than a donate button at best.
FOSS developers usually resort to frictional and unreliable donation solutions.
A lot has been written about the issues with open source funding.
I can't reach any other conclusion than: Bitcoin and Nostr fix this.
Removing the middleman and letting users pay developers directly via zaps, Nostr Wallet Connect or other similar primitives will fundamentally change the way apps are funded and distributed.
Note from Will (jb55):
Imagine a world where we only had app stores for software distribution, where you need permission to ship software to your users.
We're moving toward this, and it's pretty sad.
It doesn't have to be like this.
Support
This is an innovative feature, given no app store has introduced post-sales support, likely due to misaligned incentives.
It's the real, genuine KYC.
Embracing the removal of middlemen between users and developers can open up new possibilities like paid support, bounties, feature request prioritization, and even new business opportunities.
Moving forward
In the longer term, AI could drive a Cambrian explosion of software creation.
Massive improvements to efficiency tend to also cause qualitative changes.
The dynamics of app distribution might look totally different than today.
We might be remixing our own apps like we do with music on Stemstr, and sending back value to all contributors.
App discovery mechanisms will require more fine-tuning, and review systems will need to be more trustworthy than they are today.
Scams and malware will multiply.
Dangerous software will slip through the cracks of centralized stores due to the sheer volume of submissions and the complexity of detecting all potential threats.
Finally, with so much supply and demand from so many different parts of the globe, an open, borderless, neutral medium of exchange is the logical answer to monetization.
Apps are fundamental tools in our quest for self-sovereignty.
Draconian regulations and privacy-invasive practices will accelerate.
Properly establishing trust, sourcing and verifying apps will become more important than ever.
Most Nostr usage at the moment is for social commenting, certainly not as a network of package maintainers, but there will be an increasing overlap between the two.
Can trust scores emerge from the web of trust and other primitives?
Can NIP-94 replace manifest files?
How do we minimize trust while maximizing UX?
What else would be necessary to disrupt the roughly 95% big tech market share?
As an app developer myself, I had only superficially been exposed to these issues.
App distribution is a fascinating rabbit hole I recently fell into, and I started prototyping the solution I want to see in the world.
A lot of questions remain.
I don't have all the answers, or even the right questions, but I feel there are enough gaps and shortcomings in the current way things are, and significant room for improvement.
This is the thing that I think is so underestimated about what we are building here, about what is being built in Nostr, in Keet, in Pubky, and I put these things together because I think we're looking at a subset of tools for building an entirely new infrastructure. And there's a couple of really important elements that the author, the Zap Store guys (I don't know who the Zap Store person is, and this is not signed with anything else)
So I'll investigate a little bit after this and maybe have the link and details in the show notes.
But it is really hard to understate how important it is that we have a key-based system that is intuitive to use for the user, that naturally creates its own web of trust.
This has been a problem of the cypherpunks, of the privacy community, of the security community for ages.
The authentication problem on the Internet without a trusted third party, without a trusted database, without a centralized verifier telling you what or who it is that you are contacting or downloading.
That problem has had a staggering uphill battle for a long, long time, and it has just been papered over by a bunch of giant centralized platforms.
They've simply provided the service rather than building the tools that make us able to do that.
And having that layer, having that tool, is crazy.
I loved it.
I loved that he brings up Keybase specifically, because I completely agree that Keybase had the right idea, but they set themselves up in a way that they were trying to solve the web of trust problem and the get-PGP-keys-into-everybody's-hands problem first, and kind of loosely creating a social atmosphere around it, I think kind of realizing that those two things were connected, and that that is the natural environment in which you establish and grow trust and a reputation.
And they were right.
I even used Keybase for a little while.
I thought it was a really cool idea, but it also kind of seems like they came about it, or attacked it, from the wrong direction.
People come to Nostr because it's fun, because they can say what they want, they can say what they think, they won't be censored, they won't be shadow banned.
They come because it's a better social environment, because it's a genuine social environment.
That is one of the things that I think is lost on people: a lot of what people are chasing right now is authenticity, and they feel like they have been lied to over and over, and they are being lied to as to what is authentic even on their social media platforms, because the algorithms are just putting stuff in front of them to try to manipulate them, to control them, to make them be in the social place that they are supposed to be placed in.
Their interactions, their attention, how long they scroll on something, how long they pause to look at a video, which profiles they click on, is literally being used against them to trap them on that platform, to sell them crap.
And look at what happens.
Look at all this stuff with USAID.
People are desperate.
They're trying to figure out why everything feels fake, and it's because they've been lied to.
All of these structures are in place literally to manipulate and control narrative and opinion: who you talk to, who you see, which comments and which videos get put in front of you.
We are in a massive system where all of the users are a product that is being drained of value, of attention, and being pushed around by a whole bunch of different systems and networks that we are a part of, and people are realizing this.
People are waking up to the fact that they need to actually have a genuine social experience, that they're looking for a space where they can speak their mind and where they have control, not one that is just selling it on people.
When I have ever talked about Nostr and what I think is its greatest value, and same with Keet and all of this stuff that we're doing, it's that they own it.
They own their followers.
They own their social graph, who they follow, their connections.
You can get paid directly and immediately.
That's another huge, huge one.
But the result, the consequence of this, is that the only way to accomplish that is for people to actually own their accounts.
So you create a simple key system.
It's in the nature of the structure that keys had to be a fundamental part of it, because it's the only way that authentication, signing, and connecting to someone could ever be made independent, could ever be made in such a way that you could still find or connect or know who you were talking to if you were going through a completely separate third party.
But what that means for a web of trust, for the fact that you can go to multiple different platforms and have the exact same developer, the exact same person that you are following, or the project that you are following, up there, and you know that it is signed and it is the exact same host.
It's the exact same data from the exact same person.
And this is just kind of built into Nostr.
It's just a feature of how it works, how it enables us to create our own networks and say what we want and carry our social lives around with us and own it.
But then suddenly, with those exact same tools and that exact same distribution network, let's use PearDrive for example, because this would be a really cool thing to try to figure out how to actually utilize: you could find my application signed by me or Hope or whoever has uploaded it, but with my signature attesting that this is the one that we are hosting.
And just like with the Coracle web of trust thing, you can just know that it's my account, it's followed by all the people that you follow, or whoever in your social graph that you know is connected to me.
So an impersonator is very easily spotted.
I just think about this.
Think about this.
That you can go to any platform anywhere on the Internet.
Just assuming that we have a Nostr world now, or just going by Nostr keys, and the fact that you know my npub on Primal or Damus or whatever.
You take that, you log in somewhere else, no matter where you go, whatever platform or where you are in the relay sphere, if you see a message signed by me, or you see a link to or a Pear key to a file that I have posted somewhere, you know that is signed by my key.
You know that that is my recommendation, no matter where it is that you arrived at that; you do not have to trust the location you are at to know that you are actually speaking to or getting a message from me.
Think about that.
If you go and search for Guy Swann, or let's look for Tom Woods or Dave Smith, somebody who has a really big following and has just tons and tons of impersonators.
If you follow them on Twitter or Instagram or something, and then you go to Facebook and type them in, you have no idea if the account that you find is actually them.
Like, I've literally followed, quote unquote, like, looked for people and found people on Instagram or other social profiles or other social media, and then it's, like, not the right person.
或者人们会给我发消息说,'我一直在和一个有账号的人聊天,因为我的Instagram大概有3000粉丝之类的。'
Or people will send me a message and be like, I've been talking to someone who has an account because, like, my Instagram has, I don't know, 3,000 followers or something.
所以,没有一个明确的标识能说明哪个账号才是我本人。
So, like, there's no clear indication as to which account is actually me.
没有任何东西能证明,没有。
There's nothing that says, no.
是的。
Yeah.
这绝对是Guy Swan的账号。
This is definitely the Guy Swan account.
很可能存在冒充我的账号,它们可能在一小时内就拥有5000个假粉丝。
There's probably there could literally be accounts that were impersonating me that just have, like, 5,000 fake followers in a matter of an hour.
比如,今天结束前就可能冒出一个这样的账号。
Like, there could just be one at the end of today.
但关键在于,你的客户端、你的密钥列表能够默认验证我发送的消息和链接,让你知道这是来自我的对话和笔记。
But the idea that your client, that your list of keys can go and simply it would, by default, is verifying my message, the link that I have sent, and that you know that this is a conversation and a a note from me.
最重要的是,真正极其重要的是,这一切都是无形中完成的。
And importantly, like, really, really importantly, is that it does this invisibly.
它天生就具备这种特性。
It just does this by the nature of it.
这解决了关于查找、验证、确认互动对象身份等众多关键问题,是个巨大的应用场景。
This solves so many critical problems about finding, about verifying, about knowing who and what you are interacting with, and this is such a huge use case.
这简直太重要了,因为你知道,我平时找文章时就已经在这么做了。
Like, this is just massive because, you you know, I I do this already looking for articles.
你知道,我基本上把每个人的Medium页面当作一个社交环境来关注,就像他们所有内容或转发内容构成的社交网络。
You know, I'm basically following everybody's individual medium page as a social environment, as a social web of all of their content or content that they reshare.
这就是我认为可发现性的关键所在——开放的可发现性,以及找到他人信任的应用程序,那些你信任的人也在使用或推荐的应用。
And this is where I think discoverability, just open discoverability and the and finding applications that other people trust, that people that you trust trust or that they use.
比如,我可以推荐Obsidian这款应用。
Like, I could recommend Obsidian, the Obsidian app.
我会提到自己广泛使用它来做笔记。
And I talk about the fact that I use it, pretty extensively for notes.
我也会谈论KEET之类的工具。
I talk about KEET and stuff.
但当我推荐这类东西时,你无法确定找到的KEET或Obsidian是否完全就是我用的那个版本。
But when you when I recommend that or something, you don't know if it's exactly the same keyt or the exact exactly the same Obsidian when you go looking for it.
如果我在某处留下评论,你根本不知道那是我的评价。
And if I leave a review somewhere, you have no idea that that's my review.
现在想象你去应用里看评论,如果我们在彼此的社交图谱中,你就能直接看到我的评论——因为它的权重更高。
Now imagine you go to the application to look at reviews, and if you are in if I am in your social graph or vice versa, you literally see my review because it is weighted higher.
这让我想起Sats Lantus和Alex Fetzky他们的整个理念。
This was a whole thing about Sats Lantus and Alex Fetzky and all of that stuff.
要认识到这解决的核心问题:你需要知道数据来源,知道谁创建了数据,以及如何在发现过程中筛选这些数据,理解社交图谱中人与产品/服务/应用之间的价值关联。
And recognize that the problem that that is solving is the exact same problem of knowing who you're getting the data from and knowing who created the data and how and where to filter that data in the list of things in the discoverability of what you are finding and the relationship of the values of your social graph to the things and the products and the services and the applications that you were looking for.
举个好例子:当你打开WhatsApp或Facebook Messenger这种流行应用,到处都是五星评价,因为大量用户天天在用。
So, like, a good example is, you you know, there's you go to an app that is really popular, WhatsApp or Facebook Messenger or something, and it's got five out of five stars all over the place because tons of people use it all the time.
但如果你去看Noster的同类应用,突然出现大量两三星评价,总体评分就低得多。
But then you go to the Noster version of this, and suddenly there's a whole bunch of two and three stars, and the score is like way way lower.
为什么?
Why?
因为你社交网络中的每个人,只要他们现在使用Noster,都会关心隐私问题。
Because everybody in your social graph, if you're on Noster with, you know, anybody today, cares about privacy.
他们关心并根据不同原因进行评价。
They they care and they rate it for different reasons.
他们会在评论中展示这个应用追踪的所有垃圾信息。
And they're gonna show in their reviews, this is all of the crap that this app was tracking.
这个应用实际上就存在于Facebook Messenger里。
This app was literally in Facebook Messenger.
如果你不知道这事,它真的会发送探测信号。
If you don't know this, it will literally ping.
他们正在绘制你附近所有设备的分布图,记录你连接过的WiFi网络。
Like, they they are building a map of all of the devices that you are ever near, the WiFi networks that you are on.
它直接读取你WiFi发出的探测信号,绘制周围所有设备的地图并保留记录。
It literally reads the pings that your WiFi does to get a map of all the devices around you and keep a record of it.
这简直是史上最疯狂的恶意软件。
It is the most insane piece of malware.
那东西就是个不折不扣的间谍应用。
That thing is a literal spy application.
想象一下,你的Zap应用商店专门向你展示关于隐私影响的评论,指出你对此毫无控制权——这正是你在乎的,并通过社交网络证明了这点。
Now imagine that your Zap store, your your app store, specifically is showing you reviews about the privacy implications, about the fact that you have no control over this because that is what you care about, and you demonstrate this with your social graph.
他特别提到了Spero钱包问题和比特币钱包问题,因为市面上有太多诈骗性质的比特币钱包。
He specifically mentions the Spero wallet problem and the Bitcoin wallet issues because there are so many scam Bitcoin wallets out there.
现在想象一下,你可以确切地知道并下载我正在运行的Spero版本。
Now imagine that you can literally know and download exactly the version of Spero that I am running.
或者如果你关注Sparrow开发者,你就能确切知道他们签名认证的那个版本,因为它就存在于你的Nostril客户端中。
Or if you follow the Sparrow dev, you just know exactly the one that they have signed because it is literally in your Nostril client.
这向你表明这是他们的版本,默认情况下,你的本地客户端会读取该签名并知道这是正确的密钥。
It just shows you that this is theirs, and by default, your your local client is just reading that signature and just knows that that is the correct key.
这篇文章还指出一点我认为非常重要需要理解或关注的是——我们正生活在人工智能爆发的时代。
And there's something else that this article points out that I think is really important to understand or important to call attention to is that we are living through the age, through the explosion of AI.
在那里,旧模式将不再适用。
And there the old model is not going to work anymore.
旧模式确实将完全失效。
The old model will literally not work anymore.
未来将会有数十亿个应用程序。
There are going to be billions of apps.
正如这篇文章所说,新应用程序将迎来寒武纪大爆发般的发展。
As as said in this article, a Cambrian explosion of the new apps in development.
我认为中心化平台将不堪重负而崩溃。
And I just think the centralized platforms are going to buckle under the weight of it all.
由于他们必须实施的控制、限制和过滤措施,这些平台终将走向衰亡。
It will be they will essentially go through the of their platforms because of the level of control and restriction and filtering that they will have to take over.
他们现有的所有问题会越来越严重,安全性会越来越差,而同时用户面临的所有阻碍、限制和摩擦却会持续增加。
All of the problems that they currently have will get worse and worse and worse, and they will get less and less safe at the exact same time that all of the hindrances, all of the restrictions, and all of the barriers and frictions specifically to the user will continue to increase.
回到Keybase这个话题,我认为它确实是解决这个问题的一个非常巧妙的开端或尝试。
And going back to the fact that key base, I think, was a really kind of ingenious beginning or attempt to solve this problem.
Key Base的一个大问题是这个,这很有趣,因为我甚至不知道这件事。
One of the big issues with key base was that which is interesting because I did not even know about this.
我记得Key Base曾经流行过一阵子。
I remember key base kind of being a thing for a little while.
我注册了它。
I got on it.
我现在还有个Key Base账号,曾通过它和几个人发消息聊天,但我一直把它看作某个实体。
I still have a a key base, and I there were a couple people that I messaged and had conversations through it, but I always thought of it as some entity.
而且我不知道,对我来说它从来不是什么开放协议之类的东西。
And I didn't know you know, it was never to me, like, some sort of a open protocol or anything.
然后他们显然被Zoom收购了,之后开发就完全停滞了。
And then the fact that they were apparently acquired by Zoom and then development has completely stalled.
它基本上就停滞不前了。
It's just kind of been stagnant.
Noster不会遇到这种事,因为没人能买下Noster。
Noster that can't happen to Noster because nobody can buy Noster.
甚至没有具体的公司可以针对或收购。
There's no specific company to even target or go after.
因为一个团队和一个应用未能持续开发,一家公司——想想看,Zoom收购了他们,然后项目就死了,因为他们没有持续投入适当资源来维护这个平台。
Well, because one group and one app failed to continue any development and one company essentially you think about that, like, the Zoom essentially bought them and then the project died because they did not keep up with or put in the proper investment into continuing the platform.
确保这种情况不发生的唯一方法,就是建立一个开放的、由人们共同建设的去中心化网络。
And the only way to ensure that that doesn't happen is an open decentralized network of people building on stuff.
要创建可行的开放去中心化市场、去中心化应用商店、去中心化托管等服务,唯一方法就是建立信任网络来导航。
And the only way to have a feasible way to create open decentralized marketplace and decentralized app stores and decentralized hosting and all of these things is if you have a web of trust to navigate it.
我知道我在这里反复强调同一个观点,在节目中也多次讨论过,但这件事真的太重要了,我觉得它没有得到应有的重视。
And I know I'm kind of beating the same drum over and over here, and I've talked about this a lot on the show, but I I just this is such a big thing, and I don't think it's appreciated as much as it ought to be.
要让这个信任网络真正成功、发挥其价值,我们还有很多基础工作要做。
And it will still there's still groundwork to be laid in order to make this, succeed or become truly the web of trust and provide the value that it can.
但关键在于它正在成长,正因其真实的社交体验和zaps功能而被人们接纳。
But here's the thing is that it is growing, and it is it is being adopted because of an authentic social experience and zaps.
整个信任网络概念实际上是这个项目的第二部分。
The whole web of trust stuff is literally part two of this.
这是第二章的内容。
It's the second chapter.
但推动这件事发展的基础,关键在于它如何解决社交领域的重大问题。
But the foundation that is making this thing grow is specifically about how it fixes massive problems in the social sphere.
另外随便提一句,如果你用Mac电脑,应该试试Little Snitch。
Also, just total random note, if you are on Mac, you should use Little Snitch.
我超爱Little Snitch。
I freaking love Little Snitch.
我居然没意识到自己在Linux上没用Open Snitch,这实在太蠢了。
And I did not even realize I don't use Open Snitch on my Linux, and I definitely that's stupid.
我都不知道为什么自己完全没考虑过这个。
I don't know why I have not I don't I don't even know why that wasn't on my radar.
所以感谢这篇文章提醒了我这件事。
So just a shout out to this article for reminding me of that.
但基本上这篇文章说的就是为什么Noster、Pairedrive、PubKey、Satslantis这些工具正在逐步解决这个拼图的各个部分。
But basically everything in this article is why Noster, why Pairedrive, why PubKey, why Satslantis, why all of these tools I think, are beginning to solve pieces of the puzzle.
因为,Nostr自身无法解决的问题之一,或者说基本上只是通过中继系统勉强实现的,就是真正去中心化的有效托管。
Because, like, one of the things that Nostr doesn't solve on its own or that has basically just been kind of hacked together with the relay system is decentralized, hosting effectively.
从某种意义上说,它确实是去中心化的,但仍属于伪去中心化——如果你的连接中继数量不足,或者中继没有保存数据,你仍可能丢失数据,而且中继不太可能存储极其久远的历史记录。
Now in a sense, it is, but it is still kind of pseudo centralized, like, can still lose your data if you were not connected to enough relays or relays aren't saving that data, and relays are unlikely to store an incredibly long history.
所以你必须主动进行管理。
So you have to kind of actively manage it.
而我认为,当你开始引入所谓的'节点'——即那些希望保存完整历史记录的用户群体时(我相信Nostr有足够多的专业用户),就能初步构建一个类似BitTorrent的点对点网络。
Whereas, I think when you start adding in, quote unquote, nodes in a of people who want to save their entire history, and I think there are enough people out there, essentially pro users of Nostr, to essentially bootstrap a a sort of BitTorrent like peer to peer network.
注意:我并不是说整个系统都要变成点对点模式。
And no, I don't mean that the whole thing becomes peer to peer.
我的意思是:托管和服务器可以无需域名、无需传统互联网服务器就能访问。
I mean it in the sense that hosting and servers can be accessed without domain names, without traditional internet servers.
因为当人们听到'点对点'时,往往会联想到志愿者网络——每个人都托管所有内容,但这并非我的本意。
Because I think what a lot of people hear when they think peer to peer, that they think I mean or that someone is referring to something specifically that's just like a volunteer network and everybody's hosting all stuff.
我所说的价值在于:通过点对点协议,你可以选择多个主机,连接任意主机都无关紧要;也可以同时连接所有主机进行下载/访问,并确保每个服务器上的信息/视频等内容完全一致。
And that is not what I mean, and that's not what I think the value is necessarily specifically in having a peer to peer protocol where you can select multiple hosts, and which one anyone connects to is irrelevant, or you can connect to all and download from all or access it from all at the exact same time and know that it is the exact same information on and the exact same video or whatever it is on each one of those servers.
展开剩余字幕(还有 86 条)
人们总会自动联想到BitTorrent的所有缺陷,但实际上正如Zap Store在这篇文章中特别指出的:核心问题在于开放平台无法销售内容或应用程序。
I think people automatically assume that it's going to have all the fallbacks and all the oddities of BitTorrent when really what it is, what's needed, and this is exactly one of those things that that Zap Store, specifically mentions in this article too is that there's a lot of problems with not being able to sell content or not being able to sell an application on a specifically open platform.
但比特币解决了这个问题。
But Bitcoin fixes this.
Zap打赏机制解决了这个问题。
Zaps fix this.
这正是BitTorrent当年面临的根本困境——它只能作为开放自由的志愿网络存在。
And this is the exact same problem that BitTorrent had is because it could only exist as an open free voluntary network.
因此它伴随着所有开放和志愿性质的缺点、限制和摩擦。
So it came with all of the drawbacks and all of the limitations and frictions of just being open and volunteer.
它非常不可靠,因为你不能简单地拥有——如果你的设备、如果你的手机上有内容,而其他人试图访问它,那么谁都获取不到。
It was very unreliable because you couldn't just have if you if your device if you have something on your phone and somebody else is trying to access it, then nobody's gonna be able to get it.
你不会经常把手机拿出来让它保持可靠连接,特别是如果只有少数人真正想看或查看那些信息。
You're not gonna have your phone out enough for it to be reliable, especially if only a couple of people are actually wanting to watch or view that information.
你只有30个关注者或观看你视频的人。
You only have 30 people who are following you or watching your video.
任何稍微冷门的内容都不会有任何稳定可靠的连接,文件、视频或存储也无法持久保存。
Anything that's even slightly obscure is not going to have any sort of robust or reliable connection or persistence of the file or the video or the store, whatever it is.
但如果你认识的任何人拥有比特币节点并在你的社交网络中,你就可以直接连接他们并让他们为你托管。
But what if anybody you knew who had a Bitcoin node and who was in your social graph, you could have them you could literally just connect to them and have them host it for you.
或者你可以每月支付3美元让人托管一个店铺。
Or you could just pay someone $3 a month to have a storefront to have it hosted.
如果你想更换托管方,也完全没关系。
And if you ever wanted to move host, didn't matter.
你可以每月支付3美元或1美元给其他提供相同存储空间和带宽的人。
You could you could just $3 a month or a dollar a month to somebody else who offered up the same amount of space and bandwidth.
你可以同时购买这两项服务。
You can buy both of them at the exact same time.
不会改变你的网址,不会改变人们的访问方式,都无关紧要。
Doesn't change your URL, doesn't change how people access it, doesn't matter.
他们拥有密钥。
They have the key.
你现在有两颗种子。
You now have two seeds.
你现在有两台服务器在提供信息。
You now have two servers feeding your information.
重要的是,当人们下载时,为了观看或使用它,他们可能不像网络中的索引器,但他们确实也会镜像它。
And importantly, when people download it, in order to watch or use it, they might not be like an indexer in this network, but they do also mirror it.
所以它实际上也无法被DDoS攻击。
So it also can't really be DDoSed.
因为如果有成千上万的人在观看或保存它,那么就有成千上万的人可能在线,或者几十上百人在线供其他人下载和获取信息。
Because if there are thousands of people watching it or saving it, well, then there are thousands of people potentially or maybe tens or hundreds of people online for other people to download from and access the information off of.
就像Noster一样,密钥本身就能确认你查看的是完全相同且完整的内容,你知道它来自谁,而且连接到哪个节点、哪个人、哪个所谓的网站或中继来获取它都无关紧要。
And again, just like Noster, the key itself is what identifies that you are looking at the exact same content with the exact same integrity, and you know who it's from, and it does not matter which node or which person or which, quote unquote, website or relay you connected to in order to get it.
它完全由其签名来识别。
It is identified entirely by its signature.
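What the client does in the two passages above (the Sparrow release that "is literally in your Nostr client" with the dev's signature, and content that is "identified entirely by its signature" no matter which relay or host served it), written out as an added example; this is not code from the episode, from Zap Store or from Nostr's reference implementations. The secp256k1/BIP-340 arithmetic is a pure-Python teaching implementation, and the keys, the follow graph, the file bytes and the `x` hash tag convention are constructed for the example.

```python
import hashlib, json, secrets
# secp256k1 curve constants (standard values); pure-Python, demo only, not constant-time
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0]:
        if a[1] != b[1]: return None
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def _tagged(tag, *parts):  # BIP-340 tagged hash
    h = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(h + h + b"".join(parts)).digest()
def _b32(i): return i.to_bytes(32, "big")

def pubkey(d):  # x-only 32-byte public key, the form Nostr uses (an npub encodes this)
    return _b32(_mul(d, G)[0])

def schnorr_sign(d, msg, aux=None):  # BIP-340 signing
    pt = _mul(d, G)
    if pt[1] % 2: d = N - d                       # negate so the public key has even y
    t = _b32(d ^ int.from_bytes(_tagged("BIP0340/aux", aux or secrets.token_bytes(32)), "big"))
    k = int.from_bytes(_tagged("BIP0340/nonce", t, _b32(pt[0]), msg), "big") % N
    r = _mul(k, G)
    if r[1] % 2: k = N - k                        # nonce point must have even y too
    e = int.from_bytes(_tagged("BIP0340/challenge", _b32(r[0]), _b32(pt[0]), msg), "big") % N
    return _b32(r[0]) + _b32((k + e * d) % N)

def schnorr_verify(pk, msg, sig):  # BIP-340 verification against an x-only key
    x = int.from_bytes(pk, "big")
    if len(sig) != 64 or x >= P: return False
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)   # lift_x: the even-y point with this x
    if y * y % P != (x ** 3 + 7) % P: return False
    pt = (x, y if y % 2 == 0 else P - y)
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if r >= P or s >= N: return False
    e = int.from_bytes(_tagged("BIP0340/challenge", sig[:32], pk, msg), "big") % N
    R = _add(_mul(s, G), _mul(N - e, pt))        # R = s*G - e*P
    return R is not None and R[1] % 2 == 0 and R[0] == r

def _event_id(pk, created_at, kind, tags, content):  # NIP-01 canonical serialisation
    ser = json.dumps([0, pk, created_at, kind, tags, content], separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()

def sign_event(d, kind, tags, content, created_at=1700000000):
    pk = pubkey(d).hex()
    eid = _event_id(pk, created_at, kind, tags, content)
    return {"id": eid, "pubkey": pk, "created_at": created_at, "kind": kind, "tags": tags,
            "content": content, "sig": schnorr_sign(d, bytes.fromhex(eid)).hex()}

def verify_event(ev):  # recompute the id, then check the signature over it
    if _event_id(ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]) != ev["id"]:
        return False
    return schnorr_verify(bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["id"]), bytes.fromhex(ev["sig"]))

def wot_score(me, follows, signer):
    """Coracle-style check: how many accounts among me and the people I follow follow the signer."""
    return sum(signer in follows.get(p, set()) for p in {me} | follows.get(me, set()))

def check_release(ev, file_bytes, me, follows):
    """Client-side check of a signed release note; which relay or host served it is irrelevant."""
    if not verify_event(ev): return ("bad signature or tampered event", 0)
    score = wot_score(me, follows, ev["pubkey"])
    if score == 0: return ("signer unknown to your social graph, possible impersonator", 0)
    expected = next((t[1] for t in ev["tags"] if t[0] == "x"), None)  # assumed: 'x' tag = sha256 of file
    if expected != hashlib.sha256(file_bytes).hexdigest(): return ("file hash mismatch", score)
    return ("ok", score)

# constructed sample keys (tiny scalars, demo only) and follow graph: ME -> FRIEND -> DEV
DEV, FRIEND, ME, IMPOSTOR = 0xD1, 0xF1, 0x1E, 0xBAD
dev_pk, friend_pk, me_pk, imp_pk = (pubkey(k).hex() for k in (DEV, FRIEND, ME, IMPOSTOR))
FOLLOWS = {me_pk: {friend_pk}, friend_pk: {dev_pk}}
APK = b"constructed sample apk bytes"
RELEASE = sign_event(DEV, 1063, [["x", hashlib.sha256(APK).hexdigest()]], "Sparrow release")
FAKE = sign_event(IMPOSTOR, 1063, RELEASE["tags"], "Sparrow release")  # same text, other key
if __name__ == "__main__":
    for ev, blob in ((RELEASE, APK), (FAKE, APK), (RELEASE, APK + b"!")):
        print(check_release(ev, blob, me_pk, FOLLOWS))
```

The impostor's note carries the same text and the same file hash, and only fails because no one in the verifier's graph follows its key; a tampered download fails on the hash even though the note itself verifies.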
And I am just crazy bullish on all of this tech.
Like, just crazy, crazy bullish.
And literally without Bitcoin and Lightning, none of these models would be possible.
That's the really interesting thing is that monetization had to be solved at the exact same time, or you end up with something semi basically similar to F-Droid or IPFS or BitTorrent.
You have something that could potentially build a niche corner of the Internet that could attract certain people or certain types of content, and specifically, like BitTorrent being a great example of it, essentially ended up being a total focus on the content that could not be achieved or could not be obtained in some other way or in the specific context and degree of control that one had in BitTorrent.
Like, a great example is I would actually download movies that I had already purchased off of BitTorrent because the purchased version was so restricted that I could only watch it or use it in certain places.
It wasn't until basically smart TV things became so ubiquitous that you just logged in and you could view it everywhere.
But you know, people don't even buy the content anymore.
I used to literally buy it on iTunes or I would buy it by DVD, and it was a huge pain in the butt to rip it off the DVD.
So what do I do?
Yeah.
I just go on BitTorrent and download it.
I didn't even steal the media.
I, quote unquote, stole the form factor that I had the media in because it was how I was already, I was already living in the future, and I was already consuming everything through digital content even though none of the platforms or marketplaces or applications were there.
And I think this capitulation of the market to basically open up entire catalogs and do subscription services is why BitTorrent had its heyday and went down, because you could never actually make BitTorrent sustainable.
It wasn't a marketplace where you could deliver services directly.
You didn't have DVMs like on Nostr.
You didn't have monetization.
And because of that, you could never really get legitimacy in the content marketplace.
But there was nothing wrong with the peer to peer protocol.
In fact, proof that it worked so unbelievably well is the fact that it succeeded and became so unbelievably massive even though the entire thing was free.
It was an entirely voluntary network run by the participants.
Imagine what happens when you can combine the complete lack of friction in joining and hosting and participating in that marketplace and in that network with monetization, with social IDs, with web of trust, with verification of all of the content, messages, and data that is being transmitted.
There's a huge opportunity for the people who figure out how to build this and build the experience right.
So anyway, I'm gonna be checking out Zap Store.
It looks like it's a CLI on Mac, which unfortunately from a UX standpoint, I mean, like, I have plenty of CLI tools, but just from a simple UX standpoint, like, I have little need of an app store that I have to read or list out in a terminal window.
And maybe I'm misunderstanding.
I don't see, there's not really any pictures as to what it looks like on Mac.
But if you just look at the website, it looks like they're targeting the APK for Android.
So this is really a focus on Android, which might make me break out my Android phone, which I haven't messed with in a while, and just go exploring.
This is absolutely something to keep an eye on, and this goes right back to the idea that, like, you know, I can change my clients, the fact that I could change my app store and still have this trust weighting for apps that other people use, and talk about, you know, this is one of those things, like, all of this information has been incredibly valuable for corporations.
You know, Google and Apple, think about how insanely valuable it is to know every single app that I run and how much I use each of those apps, how often, because every single time I boot up the app, it actually makes a call to the Apple servers or whatever to authenticate.
So they literally know when I boot up and am using my applications.
That's an insanely valuable piece of spyware, really.
And even if, obviously, they mean it as a, I mean, whether or not they do, as a security measure to make sure that we're authenticating that I am running the app, that, you know, it's protecting me from malicious software on my computer.
Just think about, even if that was the only intent for why that is, just having that information and selling it to the company, selling it to the application developers.
This is when and how people open up your app and how long they use it.
This information has been locked away from us.
It has not been put in a position, put in a place where we can utilize it, but it is actually very useful to us.
And now imagine rather than sharing it with Apple, I'm just sharing what of that I want to with my friends, with the people in my social graph, with my best friend, with my brother, with you guys, with anybody who follows or listens to me.
Well, what apps is Guy using?
What is he reviewing lately?
The idea of verifiable messages, signed messages, and a social key structure is valuable to literally everything that we do and valuable in a way that it can, the fact that it is decentralized and you have decentralized money means that so many of the things that are valuable in these huge centralized platforms can now be done in a non platform, in a decentralized way sustainably, and can actually be monetized.
Of course, we just have to build it.
So anyway, that was a long ranty one.
This sort of stuff just gets me though because I think, like, they've laid out what those problems are really, really well.
And I just think, you know, what we've seen centralized companies do is try to give you a curated version of the Internet.
So your Internet looks like it's tailored to you, mine is tailored to me, etcetera.
But we have not had control over these things, and we have had no feasible way to curate our own Internet based off our own values and our own weighting because the information that they use to accomplish this is not information that has been under our control.
We would literally have had to get API access to their servers in order to even utilize this for ourselves.
This is the beginning of us being able to do that, having that control back, being able to choose who curates our experience for us, being able to choose what algorithm we curate our Internet for ourselves through our social graph.
Now the amount of bootstrapping that is needed for all of this to truly be available through web of trust is massive, but the thing is it can be bootstrapped at a tiny amount.
Like, just one recommendation for an app from a friend in your social graph is valuable in and of itself for that one particular situation.
You don't have to have a web of trust with every app in forever.
You can use indexers and, you know, trusted third parties to fill the gap, and that one recommendation from the person in your social graph is still as equally valuable as it would be because of where it originated from.
And that's why I think this is possible.
That's why I think we can continue to bootstrap this, and it will just grow slowly over time until it takes over the freaking Internet.
But that's just my two sats.
Don't forget to check out Bitkit and the Jade Plus hardware wallet, and I will catch you on the next one.
And until then, everybody, take it easy, guys.
See, the world is full of things more powerful than us.
But if you know how to catch a ride, you can go places.
Neal Stephenson, Snow Crash.