SAFE Network - Test 16

With Test 15 someone overwhelmed the network by filling it up. Now you say someone downloads aggressively.
It has to be the same person right?

Caching is only implemented for Immutable Data, but safe://constellations is entirely in Structured Data (with files under 3KB and directories under 100KB), and any mutable data cannot be cached because it is not possible to mutate instantaneously every cached copies in the network.

This is true for SD but also for AD and MD.

3 Likes

If it is, then shouldn’t we know or have some idea of who that is, as invitation only?

1 Like

You don’t an account to access the network, so no.

1 Like

Ah…right, thanks. :smile:
So what would the fix for this be?
Edit:
I’m thinking Safecoin won’t fix this one as free gets and requiring an account isn’t a long term fix?

There are several things we have looked into, but basically we are being forced to implement things we did not wish to until after Alpha 2. It’s a bit of a pain but also a good thing in a way. As we tell people what limitations are and help folk go through the code then it seems the bad side of that is that before the system is ready for such attacks we have at least one person trying to cause a nuisance. It’s not clever but probably is not too bad, just we need to actually treat early tests with a bit more care in terms of not allowing such openness.

We know the next steps and vaults will require some additional parts now and we cannot just release the next part for everyone to test, as quickly. Instead we must now keep the releases back a bit and make sure we add in the components to prevent such attacks, like start a bunch of vaults, switch off / on, disconnect partially off and on etc. It’s not clever and easy to do, we let folk know it’s easy, but players will play and all that jazz. So we will have a wee bit of work to do.

Clients are partially protected with tokens, but what a shame really, it’s life though and it does not worry us at all, just a wee reminder that not everyone is trying to help, some (very very few) will just do what they can to spoil a party, however they wont spoil this party :wink:

In terms of what is really required to sort this completely, then it’s node age, secure name, full sig checks, safecoin, data chains etc. So the complete answer is when everything is in place this wont happen, but we really must work more now to put in place temp parts of code to allow us to iterate in the open while we do implement all those parts. We can though and we will, we will just make all the good folks happy and give even fewer, not so supportive, a game to play.

[Edit} I should add, we will need to be careful with community networks now as well, if these are open then they are an easy target to spoil.

34 Likes

hmm… I had a thought to take down the one large file I’d put up, save that being drawn too many times too easily but then can’t authorize demo_app for ‘No such data’ error.

Would one option be to lock the unauthorized GET until other elements in place?

I would hope we do not need to go that far, but yes this would be another option.

2 Likes

Mods please move if this is off-topic

What is the shortcut to get the Tools in beaker?
On safe://nostrils.scotcoin I was missing a background image.
When I check locally I see I had a typo in the css file. But it would be nice to be able to check “live”.

Another beaker Q

How do I get the Favourites to persist between sessions?

I’ve been thinking about this for last few days, with aws, droplets and the likes thereof a determined attacker with a few dollars to spare can so easily disrupt the network. What’s the quick fix?

1 Like

Ban AWS Vultur and Digital Ocean IPs…

You didn’t say you wanted a quick, clean fix…

There may not be a quick fix for folk to run vaults from home right now. We need to give some thought to it, there is vault tunnel spam on the network now so this attacker is really trying hard to spoil things while we iterate the tests. We could run with known IP’s and whitelists to ban unknown vaults etc. but it’s a bit backwards really and does not include the community in building this. We could have a simple setup your own network but again it’s not a good solution.

Lets see what we can do though before taking draconian measures like that.

13 Likes

Yes that is pretty much the same as whitelist, but it’s not a good solution. Node age and a few smaller bits would prevent this current nonsense really. It’s not hurting us, but it is hurting the community, although it does mean a few late nights for us to speed through some parts that should be post alpha 2. So we will see :wink:

15 Likes

Would a larger network help mitigate these attacks? If the upload threshold was lowered a little and the 1 Vault Per LAN restriction was eliminated I suspect the network size would grow significantly. Would that make a difference?

1 Like

I’m sure I’ll be corrected if Im wrong here but I thought the one vault per LAN restriction was to do with NAT hole-punching - or a meringue?

I was under the impression that it was due to people starting a ton of instances and inadvertently disrupting the network by causing huge churn, back then resource proof also did not exist so slow connections running multiple vaults is clearly not helpful.
That was my understanding.

4 Likes

Your explanation makes more sense than mine.

Isn’t something like this a solution, were it configured to update itself and just keep joining test networks?

If it isn’t, tell me what does solve this problem with users running nodes at home, and I will try to put together a solution. SAFE was such an inspiration that I can truly say there’s no chance I’d be doing what I do today if it weren’t for stumbling on this forum. This isn’t a profit-play: I’ll facilitate this however gets it done, even if that means simply making introductions.

6 Likes

This is somewhat flattering right? The Safe Network is a growing threat to all existing power structures and similar tech, not that it has to be seen that way but that is how it will be to those grasping for money and power. I hate to hear that the team will be having to spend time on work arounds :expressionless: but I trust and respect the teams decisions to have as many folks engaged in testing as possible. Although I would love to see Mutable Data delivered as soon as possible but obviously now there are some extra hurdles, so I just have uncontrollably blurt this out…

Bring on the Node Aging!!! :smile:

10 Likes

I would say one doesn’t need to exclude the other and we could both have an invitation-only based network up to serve those wishing to focus on building apps, while an open network is used to tweak the settings needed for resisting attacks on the network.

7 Likes