Could one send PHP to SAFE instead of Apache?

I know this is a weird question but I was reading through a JSON manual and it got me thinking. Could one send PHP, or any other language which is typically used with server side coding to something OTHER than a server and use it with SAFE instead of a server? Like if I recall correctly AJAX is where one uses javascript + xml and PHP together but PHP is typically reliant on a server. But could one rig PHP to run off say node.js or something else or set up SAFE to mimick server functions enough so that PHP could send and receive messages to and from it?

1 Like

I was thing about this yesterday…

I suspect what can happen is that you will have Servers attached to SAFE — They will listen for messages routed over the SAFE network and will update SAFE with new data. So, While there are "no servers in SAFE, There certainly could be servers listening to SAFE and Writing to SAFE…

Most data can be requested from the clientside without server intervention… They will just get a map out of structured data that tells them where the data lives and how to fetch it – Queries can run clientside over most datasets…

4 Likes

Continuing on from @jreighley

PHP is only special because it is running on the server and accessing a centralised database, even if just files and not a formal database. AJAX is really just a way to format requests to the server (running PHP often) and how to use the returned info.

So really your question can be rephrased as can we directly access data (bases) from the APP. And @jreighley covers that.

1 Like

@jreighley

I suspect what can happen is that you will have Servers attached to SAFE — They will listen for messages routed over the SAFE network and will update SAFE with new data. So, While there are "no servers in SAFE, There certainly could be servers listening to SAFE and Writing to SAFE…

The metacurrency project have developed a protocol for doing this (can’t recall the name but easy to find).

OK, that would protect you from law-enforcement officers (LEO) walking in and seizing the server. However, your data can be leaked in other ways:

  1. The server operators have the server at their premises and aren’t very efficient at securing the console, or they are crooked, or they cave in to LEO demands to implement spying on the data transmissions at a point prior to encryption.

  2. The server is at a third party data centre - all of the above, probably worse since it is even more convenient for LEO to get the cooperation of the data center provider. The server operators don’t even need to know.

Anyway, it just seems inelegant, like an automobile being pulled along by a horse; you build an incredible, new, SAFE network, and use it as a glorified VPN.

Well, Servers are still protected by the routing system just like clients are… Nobody should be able to trace where they are than they would any other client. A server would just be a client as far as the network could tell – one that read and wrote a lot of data… In essence that isn’t any different than how anything else on SAFE will work.

The servers could also store all their data and programs on SAFE. So even if they where raided, what they where doing wouldn’t be stored locally.

Computers have risk. That will never change, SAFE only makes it SAFEr…

It would be nicer to have distributed computing in SAFE… You probably could set up Etherium or something like that to run the services… SAFE has distributed computing stuff on it’s radar now — But for now, out of the box, that is most likely how it works.

1 Like

So am I correct in saying the server has to have the launcher running to be able to access data from safe? If the server is raided are my credentials at risk and all data is accessible now?

Depends on how you design it. I would be careful.

If I where to do it, the 'Server" would probably be a SAFE app… Until you logged in, it wouldn’t exist, and after you logged out it wouldn’t exist, but you would have to be logged on all the time for the system to work - and that is a risk…

You could probably have many clients running the update services from many locations, and many different accounts, if you engineered it right.

But you are wiser to run services from servers in jurisdictions where what you are doing is legal…

1 Like

Interesting… I’ll have to let the synapses fire on this for a bit. Thanks.

A server could be located by traffic analysis over time, by a global observer, by injecting data at a client and observing when and where a similar-sized chunk of data comes out. That scenario has already been been established as feasible for Tor given some months of continuous attack, and I don’t see how SAFE would be different in that regard. Such analysis is hit and miss in the short term but grows more certain over 3 months or more, and for an end-point such as a server with a fixed IP with many clients communicating with it.

Once a server is identified as a suspect server then LEO just go to the hosting company and demand that the server be tapped, with hardware or software.

The unencrypted data flow is accessible to anyone with access to the console and the necessary tools.

Irrelevant. The data and programs have to be loaded into the server’s RAM at some point in order to run the programs and process the data.

[EDIT]I was referring to your scenario of a single computer operating as a server. However, a “server” that is actually a changing pool of client machines would be another matter altogether.

Uhm , What do you propose?

What I suggest will work. It may not be ideal for every application, but data needs to get into the network somehow. And it needs to have co-ordinated writes if it is going to be trustable…

What is the difference between a person putting data onto the network via the SAFE client and a machine putting data on the network via the same means? Not much. The risks are the risks…

Lets take a simple example. Comments on a blog post. How are they going to get published?

I’m just analysing the idea; I have no aggressive intent or ego investment, and I’m happy to be shown better ways of doing things.

I was just saying that, for a persistent server, it can be tracked down about as well as it might be on the Tor network (if there were the same number of machines in the network, obviously).

There are some useful “hidden services” on Tor, but the expectation that one might have for SAFE is much higher, such as some form of compute layer.

As a stop-gap, I would propose frequent changing of IP address, including providers, and if the server is portable, then connect at free wifi spots on a random basis.

I think something like apache zookeeper could be built to coordinate many different nodes processing write/updates…

I don’t think there is any difference between a “server” and any other client when it comes down to the bare bones… The risks are insanely small compared to most anything on the market…

But yes, if somebody where to raid you while the service was running they probably could scrape your ram and make a case against you —

But they would have to find you first, and that is no easy task in SAFE… Remember they don’t know what the data is that is being uploaded. It is all just gibberish routed though a rather blind X/OR process… Besides these severs really aren’t uploading anything – Just updating database indexes (Structured data) to show where information lives so that various clients know what to ask the network to retrieve… The traffic generated from such updates would be quite small — and probably indistinguishable from other things that SAFE clients would be doing constantly…

Hi, you’re just repeating yourself, and I’ve already addressed the points you raised. I’ll leave it at that.

I disagree that you ave addressed my points, but I will also happy leave it at that if you choose to not engage

How is alleged 'server" any different than any other client? What identifies it’s PUTS as anything different from anyone else? As far as the network is concerned it is all just encrypted gibberish, right? All I have to do is transmit one “GIT style hash” to the network as a Structured data update, and the underling behavior of a website can change. That isn’t really detectable or unique behavior…

SAFE is an significant upgrade on TOR. That has been addressed many times over though…

1 Like

I think it would be enough to proxy the SAFE packets to localhost running web server + php. Such as Tor does with SOCKS.

This is why much of ‘the scene’ makes use of servers running on encrypted partitions with deadman switches. It’s not security through obscurity or any kind of hiding shell game, but once the server is located, it makes things challenging for LEO.

1 Like