TestNet1 AMA (Ask Me Anything)

I do not think its an unreasonable statement at all Mark. We’re all MaidSafe now :smile: We cannot prove we currently are but we definitely should always strive to be better. I think tor is not a great measure as its a different thing, but people will measure time with a ruler and distance with measuring jug. The issue will be all these projects are not 100% but should all strive to be in their own arena.

1 Like

Totally agree, that is why I didnt really like it being expressed like that. My point was that some people use Tor when they risk death, torture or imprisonment if their identity is revealed. While your network may be a suitable replacement, I wouldn’t make that claim until there are proper formal papers written, and a lot of eyes have seen them.

But anyways I was totally missing a crucial point, (and wasting your time ooops!), because it took me a while to see that a node only ever sends RUDP messages to his close nodes, due to conflicting papers, videos etc, and probably my laziness. I thought that the node would be sometimes talking directly to another to perform a dht store of a pointer (as in the video)

I agree with this. There are papers written and none more formal than the patents and university papers which are published and peer reviewed. I see this a lot, we need papers, but nobody knows how many we need or how many eyes etc. I say the best way is measurement etc. I think as pgp came out and way widely used there was very little proof points (it was even illegal to export the algorithm). TOR was the same and has showed flaws (apparently paid by the US Navy), truecrypt is a mystery etc. I doubt there is a short circuit mechanism to prove security other than widespread use.

We know how widespread the NSA injections into many standards was and that was hundreds or thousands of papers and in the wild software. How much is broke ? Or the possibility of NSA keys etc. in Windows computers or Apple perhaps being able to remote access you whether on TOR / i2c or not.

So unless we put a foot forward and yes I think we can state we have designed for security privacy and freedom for all. We invest huge (I mean huge) amounts on review, third party checking and we are as open as we can be (look at me answering these posts, when we have a network to launch, the price we pay is enormous). There is not much left but to use this in the wild.

If there are bugs then we will kill them off, if there are weaknesses we will close them down. So far we have 100% less vulnerability than any system out there, of course on launch this may change. We have Engineered code to be readable reliable and able to be easily checked, this is a massive difference if you look at other projects, there is a ton of obscurity, even in open source stuff. An analysis I seen on truecrypt was a load of code that seemed to be there to pad the code base out and make it difficult to read, I do not know how true that is, but that enormously dangerous if it is true.

So given the choice of going through any network that included servers (that are owned by people who can be forced to give up info) with any system I choose a serverless mechanism every time. Then I need only trust the tech and I can measure that. In most other cases I need to trust servers and network owners. So I see it as a hugely different proposition.

So we cannot say its 100% secure and we cannot say its 100% insecure, we can say its our priority to ensure we are the most secure system from day 1 and all data and communications are contained within the network, no exits and no servers. So I think there is a step change in what we are talking about.

If we look at many of the new email services which all claim anonymity and some take cash (anonymity gone), run on servers (anonymity gone) and have admins, regardless of client side encryption then I think what we are offering significantly outweighs these services.

It is a very different proposition and its hard to not think of servers and centralised solutions and attacks. I know how hard that is.

6 Likes

I understand your feelings, and that you have enlisted a much more engineering hands-on approach, which is great. I agree wholeheartedly that the best thing to do now is just to get the whole thing running, show people that it works, increase the size of the community etc.

Later on though I think it important that claims of security / anonymity / etc be argued in a more formal fashion. This makes it far easier for researchers to examine your work and try find new imaginative ways to attack it.

There are a wealth of papers on Tor for example which helps enormously in discovering new attack vectors that were never even considered at the time it was first created. The Tor protocol is still considered pretty damn secure and is well documented in the literature. Of course, one needs to be careful about the endpoint security (the browser has such a large attack surface)

3 Likes

It’s not only the Browser also the OS.

Maybe instead of a Maidsafe Browser running on an Os, we should have an Os running in a Maidsafe browser (like Google Chrome Os). You could basically sandbox everything (Qubes os) and let it run completely in memory (Tails Linux). Who knows, you could also tap into the memory of the Maidsafe network. Hihihi

Maybe we could even go MAD SCIENTIST on this. Like every other Os apps running in the Maidsafe Browser, for example like a roozz.com & wine setup.

3 Likes

1 Does Data Synchronisation happen automatically or should I do it manually?
2 If 1 node containing my data goes offline, is it replaced by another node, so that the total backup is always 4?
3 Could nodes be blocked from connecting and how is it solved?
4 Are their any weaknesses or drawbacks to using RUDP?
5 Does the login/logout got a timer, let’s say I haven’t been active for 1 hour it automatically logs out?
6 Could you explain how the update manager works?

1 Like

Can I use SAFE to automatically sync files so I can work offline, or do I have to use a separate program to achieve this (syncing my local files to my SAFE virtual drive)?

1 Like

Can you clarify if testnet 2 will be the point at which we can all begin farming? That’s the feel I get from the roadmap you posted.

1 Like

testnets are for test only - any farming will be of coins that will be destroyed before the network goes live.

2 Likes

Ya I just want to get the hang of how it works before go live so I’m not fumbling like an idiot when it launches :slight_smile:

6 Likes

I do like the idea, and the more I like this, the more questions and skeptical thoughts I have…

What if the nods in safe network is dishonest. For example, I upload the context by myself, and consume it by myself in different accounts or machines. So I can get the reward by myself, via many different accounts?

This one is easier, it should cost you more in work (bandwidth, storage) than you will ever gain. To Farm a coin will be easy early one, but harder later, hopefully the network will be millions of nodes and yours will be part of that, the farming is amortised across the network so like buying more lottery tickets can improve your chance of a win, it’s actually just taking more from you. So you may need to download your 1Mb chunk several million times in the early days and more later on. There will be other costs (encryption) to, but essentially this is the best way to think of it.

1 Like

Is it really “millions” of accesses to earn a significant amount of coin? This seems counter intuitive because if farming is to be a business proposition, the reward needs to at least slightly exceed the costs of storage and bandwidth, including overheads. Its different if farming is purely generated from spare capacity on already running systems, but I don’t think this will happen for a long time if ever, because of the need for a good deal of “always on” capacity.

Intuitively this looks like an unprofitable attack, but I’d like to understand the maths better. I may be totallly missing something if it really is “millions” of accesses, in which case the maths needn’t be so rigorous!

Hey @dyamanaka, any talk of a date yet on this? Love to have the video sections to share with people when they ask those specific questions I’m only slightly familiar with.

Greetings! I understand that desktop clients are first on the list to be privileged and secured by maidsafe but being a very on the go user and the endless insecurity of mobile devices.

I am so anxious to know what the plans for the maidsafe client to be on iphone(im an iphone user) and android phones are? Would it be an app in an App Store or a profile you install? Or would an iphone even have to be jailbroken. I would feel far more comfortable knowing all my info was stored on the safe network. In apple ios8 they will have ‘extensibility’ feature to let all apps “securely” talk to you’re phone, so maybe this would allow maidsafe app to store all info encrypted on the network and still provide full factory functionality to the device. Although I still wonder about such things as the article I posted(essentially a remote data dump I believe). I have seen mobiles are on the roadmap I’m just very hungry to know details etc :smile: this is a great community with great discussions and fearless leaders I’m very glad to be a part of it even if all I can lend is food for thought and resources on launch. Thank you

4 Likes

The date is dependent on when @dirvine can do a hangout session with either @ioptio or one of the other pods. I know MaidSafe is very busy right now trying to get through TestNet1 so the AMA video answers are on the back burner right now.

Keep adding questions so they can discuss it on the next Dev Meetup.

You could send a direct invite to @nicklambert to help answer some of these questions on SAFE Cafe #3

It will :slight_smile: it will also likely to be millions though, well depends on number of users, amount of data, current network safety margin (free space) and how quick it grows. If a single person or machine could emulate the bandwidth of millions of users the attack may happen, its just humans are really bad at this game. This is why the lottery wins, we think we can game it. In this case SAFE is the lottery and the users are farming on it. So its a blind lottery that pays out 100% of income to players.

When you add in caching both deterministic and opportunistic then repeated gets of data you know will be unbelievably difficult and result in avalanche attacks against your own ability to get the data from your vault. IT self protects this way quite well. Again waayyyy to many variables though. Honest I will try and write it all down in more detail. I intend to do a blog post (been too long) in none euclidean maths and xor in particular. Very very simple, but extremely different from our counting system and the knowledge of this will show how incredibly difficult it is to explain in English in a way we know of it (like logs or something). More importantly it will show how incredible things can be achieved in a non linearly addressed network of individuals. It should help an awful lot, well there is my eternal optimism again :wink:

3 Likes

I think I get this, thanks for explaining. You are incredibly patient and attentive to this community and all our questions. :slight_smile:

5 Likes

Updated the OP with the date 8/10/14 which is the next Dev Meetup with Pods: (Troon, SF, and Montreal) this should be a good one!

We’ll try to fit in some AMA questions between the tripod conference. If Washington DC pod can attend, that would be spectacular.

  1. Can a non-developer do anything with the s/w today?
    I read the install guide and I’d like to install the s/w, but it’s not clear what I could do with it.
    For example, could I use the testnet with Examples posted on Github?
  2. How to set MaidSAFE settings?
    A URL with docs would suffice.
    I’m interested in how I could set what part of filesystem can be used, how much bandwidth can be used, etc. because of security and network congestion concerns.
  3. Does it help to the project (devs) to have a node running on the testnet?
    If yes, what are you looking for - a variety of architectures and OS, fast nodes, large capacity?
2 Likes