So I realise that there is a lot more to the Safe network than backups. I do see backups as an easily understood & compelling proposition: Buy this thing and your data is private and safe forever.
Once people are using the network they’ll likely explore apps etc, but backups is a good way to entice people in. If you want to backup all your stuff having a home server is a pretty decent way of making sure you have enough Safecoins to do so.
So how do I run a home server? Simple; Just
- Pick some hardware (choice/complexity/problem)
- A barebones linux distro (choice/complexity/problem)
- Then edit your sources list in the command line (choice/complexity/problem)
- Install a vault
- Then install whatever other software you need such as a samba share, media server, webui etc (choice/complexity/problem).
So I’m wondering if it would be good to give people a simple proposition;
- Buy this thing from these people
- Put this card in it
- Which installs a basic system & Safe client for you & configures your sources list to include the safenetwork PPA
- It comes with a point and click webui that you can use to install extra stuff if you want it, or just to keep the OS & Safe Vault up to date.
It seems to me that
- Odroid XU4 in a cloud shell box is a good thing to buy, Odroid already have regional partners that would probably ship a ISO on SD card if they were selling well.
- Creating an Ubuntu server ISO with some configuration and webui isn’t actually that hard, it’s not a full blown distro.
- Running a desktop on a server is suboptimal, & introduces additional security risk
- Webmin is horrible and should be burnt, however http://ajenti.org/ is pretty nice and would allow creating point & click scripts (see buttons on the right below) and already includes a mechanism to update your software.
We’d need to clear it with http://ajenti.org/licensing to make sure they were happy that shipping a preconfigured card was under their free licence, but I’m pretty sure it would be OK.
I’m thinking we could then stick a nice simple web site up that ‘sells’ the system, provides a manual etc, with links to all the Odroid regional partners that have agreed to ship the system as a bundle with an ISO on a card.
So is this a good idea?
There is no arm support yet.
Are you sure about that? @happybeing has posted some build instruction for the older XU3 here do you mean it’s not officially supported?
Yes. I didn’t see a commitment from the project to support several architectures at the outset.
Great idea, though. Just need to get supported architecture.
It might even help people with adoption, to say “Hey, this is a cheap, completely secure, forever backup solution. Just plug this in, set it up, interface it with your network and it’ll let you back up securely. It’ll also earn you the safecoin needed to backup, and should even pay you something more. Even if you don’t care about doing other things on the SAFE Network, it’s a great solution to what you’re already trying to do. Try it! It’s cheap!”
Package it with a built-in router to replace your router when you need one, and should catch on.
I’ll buy one when you start offering them.
It is an excellent idea! ARM is a priority, and @dirvine knows I’ll skate him to oblivion if it isn’t supported ;-). Actually, it is key to his plans for SAFE because mobile clients will be very high priority. So even though vaults require a bit more CPU than a client, having the client running on ARM will make vaults on Odroid pretty straightforward, and frankly if MaidSafe don’t do it, I’ll have a crack myself. So I don’t think ARM support is anything to be concerned about. @janitor is overly pessimistic in general IMO, and way off here.
That’s his job. He keeps us honest.
Already included in our Continuous Testing framework (on an odroid) so we are OK, skate is still on though
Great stuff Have you played around with the XU4 devices? Or just the older XU3?
Only the U3 (not XU3). Before the move to Rust I cross compiled the C++ libraries on x86 for ARM and ran the self encryption example successfully on U3.
I haven’t tried this since the move to Rust, but @Ross has left some teeth marks on it, and I expect will be tackling it again before long, maybe once the installers are all humming along nicely
Hmm so thinking about this a bit more…
If I have a home server with say 1Gb of files and 5Gb running a Safe vault, I can’t automatically copy my 1Gb to the Safe network. I need to run the client to do that.
So I could manually back stuff up using my laptop: I mount my home server via Samba I launch the client and I can move stuff between the two. But that process can’t be automated without:
Leaving the SafeClient running on my server, at which point my credentials are only as safe as my server.
Storing the credentials on the server and periodicly launching the client via cron, at which point my credentials are only as safe as my server.
So as I originally imagined it this idea is a bit of a non-starter…
Not quite. I don’t believe your credentials will be exposed beyond the client retrieving and decrypting the data map. So you can leave a client running without exposing your credentials - at least I can’t see any reason why they would need to be retained in memory, so for security, the launcher (which is normally the only thing to see them) will I hope, discard them by overwriting their storage after use.
@viv can you comment on this?
This is true and same for private keys no longer required. These are stored in data types that erase after use. Also things like kernel hardening and memory scrambling etc. help a lot as well. We need to secure audit the credentials to ensure this is all as safe as possible though. Ensuring no keys are used or in memory that are not essential is also important.
A bigger issue for sure is the end user OS and this will make a difference as the recent OS updates form Apple and MS are at least curious.