Update 14 October, 2021

Thx 4 the update Maidsafe devs

This is a mayor milestone

Keep hacking super ants

Really hope to see a tut for the testnets, maybe ordinary or clueless people could also help

Would love to help

9 Likes

Just to clarify, don’t they mean 90% of the way to integrating sn_api and sn_cli into the safe_network lib?

4 Likes

For the multiple passwords thing, wouldn’t it be simpler to use a single underlying password?

Then an app could:

  1. Take multiple end-user passwords (typed password, hardware key, etc)
  2. Create multiple files containing the underlying password, encrypted by any number of different combinations of end-user passwords.
  3. Upload these encrypted passwords to the user’s public storage in case they get deleted or something.

That way, the network itself would only have a concept of 1 password per user, and a user could choose between using the officially-endorsed login system (username, password, hardware key or whatever) and the underlying system (password, possibly not even username).

Apart from keeping the core simple, surely classifying password management as an app issue would also be useful in speeding up the network release?

3 Likes

We had some instructions in the other testnet threads, but please let me know what information you feel is missing that you need. Would love to have you involved.

5 Likes

I hate to bother Maidsafe devs for this @chriso, but would be fun to have an a to z, how to set up a testnet on your own. If it’s possible @josh do make your muscle “twitch” and we’ll observe and hopefully replicate or join in. Ideally I want it students breaking the testnet over and over again and fixing/looking for bugs. It would be helpful, if this can be run from @ home.

4 Likes

Thanks for this. I think a lot of Users forget their passwords. This will be very important for the network. Great work team!

3 Likes

I am happy to help you, just as I was helped.
The instructions are actually pretty good and all questions I had are answered in the testnet-tool thread.
I submitted a PR today to hopefully prevent people from getting stuck where I did.

Unlike running a network locally unfortunately this method is not free so not ideal for most people who want to have a quick prod.

9 Likes

Nice update Maidsafe team!

One Repo “box” to rule them all!!

box-to-rule-them-all

5 Likes

Just noting it could become free if the sn_testnet_tool were adapted to work with Oracle cloud as well as DO…had a look at terraform a few months back, but this is way above my skills…

PS that would be a good community project…looks like is ‘just’ scripting…

3 Likes

You submitted a PR to the sn_testnet_tool repo? I don’t see one.

@19eddyjohn75 you can use safe node run-baby-fleming to get a local testnet.

If you want to join in, keep an eye on things next week and if there’s anything you don’t understand about how to get something running, please just ask.

5 Likes

Why is that, because of a free tier? Most cloud providers have those, and they are generally extremely limited.

3 Likes

This is all great. Glad to see the restructuring in this direction. Nice work!

6 Likes

That’s true, but I believe Oracle free offering is particularly generous?

Arm Ampere 4 OCPUs and 24 GB of memory and 250GB max disk space (or 4 instances with 1/4 resources)

Would this be enough to bootstrap the network, assuming other nodes can join to strengthen the testnet?

2 Likes

From what I can see though, it looks like it’s limited to 30 days. So you’d need to keep signing up with different email addresses all the time. With AWS, I think you can just use resources under a certain size for free, possibly for a year or something, I can’t remember. Though, they’re obviously quite small resources.

2 Likes

Yes you’re right, and what you suggest here is what will be happening on the network.

Account access will be done through a ‘root secret key’. The standard way to use the root secret key will be by combining several other secrets together (called key shares). The user is mainly interacting with key shares, not the root secret key directly.

From a technical angle, the combining of key shares into a root secret key is done using the threshold crypto scheme in the blsttc crate (previously threshold_crypto crate).

The problem here is the underlying password would only be as strong as the weakest file.

With threshold crypto it’s not enough to compromise any one credential, the attacker needs at least a certain number of keyshares before they can combine them into the root secret key.

This will still be possible. An advanced user could choose to set their own root secret key and not do any of the key management stuff.

It really comes down to how permissions work on the network. The account is accessed by reading a private bit of data on the network. That private account data can only be read by providing a signature from the root secret key. The way the user chooses to generate that signature (the obvious way using a single key, or using a threshold signature scheme, or using some other third-party way of generating a signature) is at the app level, not the network level.

What maidsafe is aiming at is the root secret key being secure by default, which means more than just being an X characters long password or being stored in Y different locations. The ability to revoke a key share from a device without changing the root secret key is one of the important aspects that’s possible when using key shares as the main point of contact (ie keeping the root secret key ‘hidden’ behind the layer of key shares). If we were directly trying to manage the root secret key the revocation process becomes more difficult.

19 Likes

I can confirm it keeps working after 30 days you just don’t have support. After @happybeing mentioned them in the forum I set one up and have had a wire guard and shadowsocks vpn running on an arm version on the fee tier.

It’s also standing by for test net :wink:

4 Likes

Well apparently I omitted the submit part! done now.

7 Likes

We probably have too many threads going on this one topic :slight_smile: but seeing as we are here.
I think 12 instances is the minimum 1 genesis and 11 nodes (default is 4vcpu-8gb).
Not sure how many Maidsafe use to start a public test though, I would think quite a few more.

3 Likes

To clarify, I meant any user-specified combinations, which would exclude single items unless the user felt like keeping it less secure.

Would be interested to see how this works.

3 Likes