MaidSafe Dev Update :safe: 15th March 2016

My proposal is to have a stricter browser. Or even have HTTP headers coming out of the proxy that disable HTTP(s) access from the page. Or if the proxy is warranted, it can be installed like any other app.

5 Likes

Is it possible to ditch the concept of HTTP, and use something new?

2 Likes

Imagine a Facebook type social network where you actually CONTROL YOUR DATA!!!

That is a mic drop moment for SAFE.

6 Likes

@Traktion:

Publishing a website with a JS application that can authenticate against your local launcher is a fantastic concept. The user just authorises it and can then create a blog (or whatever) in their own storage space, which would immediately be accessible by others.

And with PtP, that user would earn Safecoin just by checking a box to watermark their content with their wallet address! :stuck_out_tongue_winking_eye:

No adverts, no paywalls, no lonely donate button…

7 Likes

I would like to have one profile = passport facebook blog store message forums – kind of thing. It would be awesome to have everybody on the same platform

Edited: This…

1 Like

Someone could do like an HTML5 type UI with modules and such for add ons…think a chrome browser type interface with apps or like a SAFEPress with plugins…no ads, no 20 different passwords…the possibilities are endless!

1 Like

There should be no issues if there was a SAFE “toggle” button in the browser. When toggled on, no HTTP requests would go through. If this is implemented, I don’t see any issues with CORS. Would you agree?

Tbh, for something basic, all you would need is a standard directory/file structure/format, which any (authorised) app could write to and other people could retrieve. Essentially, it could be like having your own REST API end point, that others (your ‘friends’) could use as feeds.

Ofc, there is nothing stopping the above on the clear net, but I suspect the ease of access to secure storage is a blocker. Having an open platform is also the polar opposite of what the likes of Facebook want.

1 Like

The CORS thing was more about whether a .safenet (port 80 because it’s proxied) page could make a call to localhost:8100 which I am saying I hope it can’t. The HTTP headers comment is more about whether you can make HTTP calls from inside of safenet pages; specifically the headers I am referring to are CSP headers, ref: Content Security Policy - Wikipedia (but I question whether that is enough, it’s not like it can prevent cookie storage or other fingerprinting techniques).

I was recently asked about w3c saying replacing http was a bit mad. I explained we won’t stop http, but we will stop httpd (servers) so all of the advantages of html without the servers. So I see it happening like this (perhaps).

  • A browser (the electron app is a browser really)
  • Allow safe: instead of http:// for location of data
  • Data may link to other locations, but only using safe: as the location
  • This data will be http pages with all the links etc. we currently have, html video etc.

The other issue we have not covered yet, but will be quite clear is the ability to link modules. So rather than http::somewhere/angular.js for example you can have a DNS service for javascript (let’s say a type of SD is 999 and this is software). So TAG 01 is javascript and then we have angular as the name. So we then use a tag more like safe:software/01/angular.js if you see what I mean.

This can be delivered in many ways but interestingly also by the hash of the known code, so say rust:crust is hash deebabd6372 and this is published in various dev blogs, i.e. I use deebabd6372 (rust::crust) which is just a datamap of public data (no service/no dns). We know this hashes to the name (so immutable and cannot have a virus injected etc.). People then can reference just that with safe:deebabd6372 and know what it is. This gives security without need for curation. A nice thing is that this is immutable, i.e. we will always get that version if we wish, it cannot vanish from servers.

So there are a few tricks to try and ideas to develop here that will have some pretty big improvements on package manager or even compiled code (single compilation units).

Interestingly that is not even close to the beginning. First though secure browsers would be good and probably a simple electron browser or similar could be a start, recognise all http tags, except location URLs, which get replaced by safe.

Sorry I don’t have too much time right now, but this is to get everyone thinking a little deeper into this area. There is a significant upside for data and program security that’s not obvious, but pretty clear when you look. These are two simple ways to introduce something quite special, there is a way to go when we all get a chance to play. Please ignore the js stuff/electron etc. I am no javascript programmer, but I will be throwing a few things out soon enough I hope.

24 Likes

← I am very happy to read this. These seem to be fundamental requirements to me !

Thank you for all the dedication and vision.

5 Likes

I am getting so excited I can hardly stand it. Thank you to the whole MaidSafe Team! I am already moving to a part time day job, but the speed you guys are going I may just have to SAFE it full time!!!

You have changed my life forever. The last two or three years have completely transformed my mind and body. I know it is a little deep for an update, but I just want you to know that you guys and gals are changing lives in ways never thought possible. Thank you will never be enough.

17 Likes

Thanks Maidsafe devs for yet another great update, really don’t know how you guys do it.

[quote=“Ross, post:1, topic:7915”]
We are currently working on a promotional video for the Launcher and the app examples. This video will be simple and aimed at interested users who have not yet downloaded or seen the Launcher. The idea for the video is to show Launcher and its use case, along with some context to give people a feel for what the project is about.
[/quote]

I’m so glad to read that something like this is going to happen. I love @fergish his podcast, but a video and showing how stuff works [speechless, but super happy to see it happen :stuck_out_tongue:].

I hope that devs creating apps for the SAFE Network will also make videos of their coding/demo app etc. These could go on sites like Codecademy, Lynda, Udemy etc. this could also inspire new people learning to code to make apps for the SAFE Network.

7 Likes

Oh goodie, I cannot wait to see your master plan!

Thanks for the clarification. It really helped me out to see the big picture.

4 Likes

Reading all the stuff across the board, I really need replacement bodies to harbour the increase in spirit :ant:

4 Likes

I get the security advantages of using the hash instead of the name of a module (rust::crust used as example in your mail).
But is it not a disadvantage if there is a new version of a module with, for example, a bug fix? Because then the hash changes and all references to it have to be updated to use the fixed module.
Or is that the price to pay and are bug fixes not that common with such modules?

Might be similar to downloading software or programs, where there’s a link to each new version with different “fixes” etc., but each file is immutable and therefore safe because you know nobody else has tampered with it.

This is part of the conversation and security. If companies are compelled to backdoor a module, we don’t want it. If though an upgrade happens we want, then we will need to specifically change the hash. So you are correct. If we use the service route then it is automatic though. So there are things to discuss. Either way though the data stays forever, so hacked or backdoored code can be ignored and we can stick to code that does work if we wish. Same with documents/contracts etc. They stay forever. So we do have the ability to auto-upgrade and with care set versions we wish to roll back to if we wish. Then these versions can be forked to update if we are not happy with what they have done etc.

I think we can get the best of both worlds.

7 Likes
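The trade-off discussed in the posts above (a hash reference such as safe:deebabd6372 versus a named "service" route such as safe:software/01/angular.js) can be sketched as follows. This is an added example, not MaidSafe code: the class names, the use of SHA-256 and the sample module contents are assumptions made for illustration.

```javascript
const { createHash } = require('crypto');
// Address = SHA-256 of the bytes (assumption: the post does not name a hash function).
const addressOf = (bytes) => createHash('sha256').update(bytes).digest('hex');

class ImmutableStore {
  constructor() { this.blobs = new Map(); }
  put(bytes) {
    const addr = addressOf(bytes);
    if (!this.blobs.has(addr)) this.blobs.set(addr, Buffer.from(bytes));
    return addr;
  }
  // Re-hash on every read, so the node that served the bytes need not be trusted.
  get(addr) {
    const bytes = this.blobs.get(addr);
    if (!bytes) throw new Error(`no data at safe:${addr}`);
    if (addressOf(bytes) !== addr) throw new Error(`integrity failure for safe:${addr}`);
    return bytes;
  }
}

// Hypothetical "service" route: a mutable name with an append-only list of versions.
class NameService {
  constructor(store) { this.store = store; this.versions = new Map(); }
  publish(name, bytes) {
    const addr = this.store.put(bytes);
    this.versions.set(name, [...(this.versions.get(name) || []), addr]);
    return addr;
  }
  // No pin: follow the newest version. Pin: accept only a hash published under this name.
  resolve(name, pin) {
    const known = this.versions.get(name) || [];
    if (known.length === 0) throw new Error(`unknown name ${name}`);
    const addr = pin === undefined ? known[known.length - 1] : pin;
    if (!known.includes(addr)) throw new Error(`${addr} was never published as ${name}`);
    return { addr, bytes: this.store.get(addr) };
  }
}

function pinningDemo() {
  const store = new ImmutableStore(), names = new NameService(store);
  const name = 'software/01/angular.js';
  const v1 = names.publish(name, 'export const version = 1;'); // constructed sample module
  const v2 = names.publish(name, 'export const version = 2; // unwanted change');
  const latest = names.resolve(name).addr;      // auto-upgrade follows v2
  const pinned = names.resolve(name, v1).addr;  // a pinned reference stays on v1
  store.blobs.set(v1, Buffer.from('altered bytes')); // simulate a node serving modified data
  let tamperDetected = false;
  try { names.resolve(name, v1); } catch (e) { tamperDetected = e.message.startsWith('integrity failure'); }
  return { v1, v2, latest, pinned, tamperDetected };
}
```

The name route gives automatic upgrades but trusts whoever publishes under the name; the pinned hash gives up automatic upgrades in exchange for bytes that cannot change underneath the reference.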

My JavaScript is rather rusty, but it looks like CORS isn’t enabled from my scruffy testing.

I can make a call to auth and the launcher asks me to confirm access, but if I use the token to subsequently try to POST to nfs/file, I get ‘Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response’.

Note that the examples in the API documentation seem to be rather buggy. It could be related to me using browserify (for the first time!) on the node.js examples, but it looks like response.body.token is correct, rather than response.token, etc.

Still, it was nice to see the launcher pop-up and ask me to authenticate my app. Tbh, it feels good just to get a chance to play around with it! :slight_smile:

2 Likes
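The preflight error quoted in the post above comes from a check the browser makes before sending the real request. The following added example (not launcher or browser code) models that check. The page origin, the token placeholder and the launcher's preflight response headers are constructed assumptions, chosen so that the auth call passes and the nfs/file call is refused as reported.

```javascript
// Header names a browser may send cross-origin without a preflight (CORS-safelisted).
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SIMPLE_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];
const lower = (obj) => Object.fromEntries(Object.entries(obj).map(([k, v]) => [k.toLowerCase(), String(v)]));
const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// Names of the request headers that force an OPTIONS preflight.
function headersNeedingPreflight(headers) {
  return Object.entries(lower(headers))
    .filter(([k, v]) => !SAFELISTED.has(k) ||
      (k === 'content-type' && !SIMPLE_TYPES.includes(v.split(';')[0].trim().toLowerCase())))
    .map(([k]) => k)
    .sort();
}

// Models only the preflight gate: would the browser send the real request at all?
function checkPreflight(req, preflightResponse) {
  const res = lower(preflightResponse);
  const method = req.method.toUpperCase();
  const simpleMethod = ['GET', 'HEAD', 'POST'].includes(method);
  const needed = headersNeedingPreflight(req.headers);
  if (simpleMethod && needed.length === 0) return { allowed: true, reason: 'no preflight needed' };
  const origin = res['access-control-allow-origin'];
  if (origin !== '*' && origin !== req.origin) return { allowed: false, reason: 'origin not allowed' };
  const methods = list(res['access-control-allow-methods']);
  if (!simpleMethod && !methods.includes(method.toLowerCase()) && !methods.includes('*')) {
    return { allowed: false, reason: `method ${method} not allowed` };
  }
  const allowedHeaders = list(res['access-control-allow-headers']);
  for (const h of needed) {
    // A "*" entry never covers Authorization; it has to be listed by name.
    const ok = allowedHeaders.includes(h) || (h !== 'authorization' && allowedHeaders.includes('*'));
    if (!ok) return { allowed: false, reason: `header ${h} not in Access-Control-Allow-Headers` };
  }
  return { allowed: true, reason: 'preflight passed' };
}

// Constructed inputs: origin, token and the launcher's preflight headers are assumptions.
function preflightDemo() {
  const launcher = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'GET, POST', 'Access-Control-Allow-Headers': 'Content-Type' };
  const origin = 'http://blog.example.safenet';
  const auth = { origin, method: 'POST', headers: { 'Content-Type': 'application/json' } };
  const nfs = { origin, method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: 'Bearer <token>' } };
  return { auth: checkPreflight(auth, launcher), nfs: checkPreflight(nfs, launcher) };
}
```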

Thank you for the response.
I think I understand most of it.

Also a hash is not readable: best to be accompanied with describing comment in source code or so.
If hash is chosen as reference method for a module, then it is best to have a minimum of references (all to be manually updated at upgrade) in 1 website to that module (preferably only 1).

I’m not that familiar with web development, but I presume that this is the responsibility of the webpage developer and that there are already good enough methods in html etc. to accomplish this?

2 Likes