Launch of a community safe network

#282

Ok, I understand the problem better, but I don’t know why this happens. Maybe someone from @maidsafe can explain this?

What a pity you had to stop your node (958753) which was running uninterrupted since January 18th, to be able to access Alpha 2 network.

1 Like
#283

I have rebased my safe_vault fork on current Maidsafe repository, recompiled it with latest rust version (1.33) and build a new docker image.

I am about to update the docker swarm service with this new image. The 4 docker vaults will be restarted with a 40 mn interval between each.

2 Likes
#284

I’ve done some extra tests.
Restarting Vault when SAFE Browser is connected -> no problem.
From the moment I see in the Vault logging:

Resource proof challenges completed. This node has been approved to join the network!

the SAFE Browser can’t connect anymore.
For an already connected browser: static sites (e.g. safe://cyberpunk) keep working, but errors on ‘dynamic’ sites (e.g. safe://to-do).

#285

I had the same problem. It’s a Crust problem - it tries to bootstrap from LAN first, finds your vault, sees that the network names disagree, reports an error and gives up. I reported this to the Crust guys and I think they either fixed it already or will fix it, but unfortunately, this won’t affect the SAFE Browser or the vaults, as they are stuck on an older version :frowning:

8 Likes
#286

I have just launched another update of docker vaults to replace the IP address in the web app url by its domain name. The ulterior aim is to replace the container managing the web app by a service, but this will be done later.

The update interval between 2 successive vaults is 2 hours.

5 Likes
#287

Update is finished and web app is now a docker service, which means that it is automatically restarted whenever it crashes or server is rebooted.

Vaults that joined my docker swarm already benefited of these features, but not web app itself. This discrepancy is now corrected.

6 Likes
#288

I have added a new tab in the web app (Docker) that displays another view of the nodes that have joined my docker swarm.

Its content is a combo of the 2 commands I most commonly use to check the state of the swarm when I connect to one of my hosts ("docker node ls" and "docker service ps").

5 Likes
#289

@tfa did you get one of these, any idea what this is about/what to do?

We have received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.

Please investigate and solve the reported issue.
It is not required that you reply to either us or the BSI.
If the issue has been fixed successfully, you should not receive any further notifications.

Additional information is provided with the HOWTOs referenced in the report.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.

Kind regards

Abuse Team

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 5050
Fax: +49 9831 5053
www.hetzner.com

Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller

On 20 Mar 05:14, reports@reports.cert-bund.de wrote:
 Dear Sir or Madam,
 
 open DNS resolvers are abused for conducting DDoS reflection/
 amplification attacks against third parties on a daily basis.
 
 Affected systems on your network:
 
 Format: ASN | IP | Timestamp (UTC)
  24940 | xx.xx.xx.xx | 2019-03-19 01:06:37
 
 We would like to ask you to check if the open resolvers identified
 on your network are intentionally configured as such and appropriate
 countermeasures preventing their abuse for DDoS attacks have been
 implemented.
 
 If you have recently solved the issue but received this notification
 again, please note the timestamp included below. You should not
 receive any further notifications with timestamps after the issue
 has been solved.
 
 Additional information on this notification, advice on how to fix
 reported issues and answers to frequently asked questions:
 <https://reports.cert-bund.de/en/>
 
 This message is digitally signed using PGP.
 Information on the signature key is available at:
 <https://reports.cert-bund.de/en/digital-signature>
 
 Please note:
 This is an automatically generated message. Replies to the
 sender address <reports@reports.cert-bund.de> will NOT be read
 but silently be discarded. In case of questions, please contact
 <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
 of this message in the subject line.
 
 !! Please make sure to consult our HOWTOs and FAQ available at
 !! <https://reports.cert-bund.de/en/> first.
 
 
 
 Mit freundlichen Gren / Kind regards
 Team CERT-Bund
 
 Bundesamt fr Sicherheit in der Informationstechnik
 Federal Office for Information Security (BSI)
 Referat CK22 - CERT-Bund
 Godesberger Allee 185-189, 53175 Bonn, Germany
#290

No, I didn’t receive such messages. I have 2 safe vaults and 1 web server, so nothing using “open DNS resolvers”.

In the past you mentioned that you were using the node also as a VPN server, could it be that part?

#291

Could be, or more likely an aborted go at installing pi-hole. In not sure how to undo that - time to search a bit.

1 Like
#292

No joy in getting that file. Tried from a couple of computers.

Any chance of checking.

My odroid hc2 arrives in a few days and I am trying to get my xu4 running to test things out

1 Like
#293

Ahh, it was hosted on my Raspberry Pi, which stopped working recently for some reason. I’ll try to find the file and host it somewhere else (or fix the Pi).

3 Likes
#294

Have you tried safe://vault.arm/safe_vault-linux-arm-musl.zip? This is/was on this community safe network, not sure it has survived restarts etc.

3 Likes
#295

Would be good if you could.

Maybe @tfa can add it to his github for the community network. Would help a lot.

3 Likes
#296

hmmm, I checked some chunks stored on my Vault and I could actually read the content of some. Shouldn’t all data be encrypted? Or does this version of the software not support this yet?

4 Likes
Founding Fundamentals | part 2
#297

An immutable data smaller than 3 kbytes is not split in chunks and isn’t encrypted. In this case the datamap is the original file itself.

2 Likes
#298

Small private files are always encrypted I may assume?

It’s probably another discussion/thread, but I can clearly see some html pages. Normally this would be fine as it is public, but if the content is something abusive, then I am acutally aware that my vault is serving this and I might even get prosecuted if some agency seize my vault.
(I always thought everything was encrypted, so nobody could know what a vault is actually storing)

1 Like
#299

Got to say this is a bit of a worry. Small chunks of unencrypted data… what if I am storing bank details, etc… all it takes is a little luck then for someone to spot data that is valuable.
@nevel could you post a screenshot of what you are describing?

Say its not true? :frowning:

#300

1 Like
#301

Ahh… okay on first glance that looks scary. It is a lot of plain text data!!

But! That looks like publicly available data via website anyway.
What you are doing is sort of like a view source of a publicly available webpage.

I’m not so concerned now.

Comment from devs would be great though.

edit: but! i get what you are saying now. What if this was leaked national security data put up publicly?
You could have every name of every undercover agent in the field, on your hardisk.
Ah, it is a little worrying.

1 Like