stebalien changed the topic of #ipfs to: Heads Up: To talk, you need to register your nick! Announcements: go-ipfs 0.4.18 and js-ipfs 0.33 are out! Get them from dist.ipfs.io and npm respectively! | Also: #libp2p #ipfs-cluster #filecoin #ipfs-dev | IPFS, the InterPlanetary FileSystem: https://github.com/ipfs/ipfs | Logs: https://view.matrix.org/room/!yhqiEdqNjyPbxtUjzm:matrix.org/ | Forums: https://discuss.ipfs.io | Code of Con
thomasan_ has joined #ipfs
thomasan_ has quit [Ping timeout: 258 seconds]
commo__ has joined #ipfs
yusef has joined #ipfs
yusef has quit [Client Quit]
commo_ has quit [Ping timeout: 268 seconds]
yusef has joined #ipfs
yusef has quit [Client Quit]
refpga has quit [Ping timeout: 258 seconds]
refpga has joined #ipfs
rcat has quit [Ping timeout: 268 seconds]
refpga has quit [Ping timeout: 250 seconds]
javisantos has quit [Remote host closed the connection]
hacman has quit [Remote host closed the connection]
refpga has joined #ipfs
mischat has joined #ipfs
mischat has quit [Remote host closed the connection]
jesse22 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
commo__ has quit [Quit: Leaving]
refpga has quit [Ping timeout: 245 seconds]
thomasan_ has joined #ipfs
zeden has quit [Quit: WeeChat 2.3]
refpga has joined #ipfs
user_51 has quit [Ping timeout: 258 seconds]
user_51 has joined #ipfs
}ls{ has quit [Ping timeout: 268 seconds]
_whitelogger has joined #ipfs
lassulus_ has joined #ipfs
chuenlye[m] has joined #ipfs
lassulus has quit [Ping timeout: 244 seconds]
lassulus_ is now known as lassulus
Belkaar has quit [Ping timeout: 258 seconds]
Belkaar has joined #ipfs
Belkaar has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
spinza has quit [Quit: Coyote finally caught up with me...]
Mateon1 has quit [Quit: Mateon1]
Mateon1 has joined #ipfs
spinza has joined #ipfs
rendar has joined #ipfs
Caterpillar2 has quit [Ping timeout: 245 seconds]
Caterpillar2 has joined #ipfs
}ls{ has quit [Quit: real life interrupt]
alyoshaaa has joined #ipfs
<alyoshaaa>
Hi guiys
<alyoshaaa>
I noticed that there is an option in the latest go-ipfs changelog for 'sign all messages', I was just wondering if there was a write-up of exactly what 'signing' entails here
<alyoshaaa>
seba-: but is it like verifying the identity of the node it came from? do we process it ourselves/ can we? is there a definition of what the signature looks like or how it is generated?
<seba->
i'm not a developer, so i wouldn't know for 100%, but from what i understand:
<seba->
peerid = hash of public key
<seba->
but pubsub is multicast, i.e. you can't encrypt it that easily (you would need all the public keys of everyone)
<seba->
so you digitally sign it instead
<seba->
so that everyone knows that it really came from a certain peer
hphs^ has quit []
<alyoshaaa>
sorry if this is dumb but
<alyoshaaa>
does IPFS come with a keypair baked into it?
<whyrusleeping[m]>
Yeah, without pubsub message signing, you can’t actually be sure the message you are receiving is actually from the peer its claimed to be from
<seba->
i don't think so, when you do IPFS init you generate a keypair
<alyoshaaa>
basically I want a user to be able to give other users an IPNS that points to a JSON of IPFS/IPNS links of user 'posts' that the user can update
<alyoshaaa>
but the user needs to be sure that the JSON is actually created by that user
<seba->
that's signing then
<alyoshaaa>
yeah
<alyoshaaa>
I thought I'd have to implement it manually
<alyoshaaa>
is it done already?
nst^ has joined #ipfs
<seba->
well it says it's not being verified yet
<whyrusleeping[m]>
For pubsub messages yeah, we have signing implemented already
<alyoshaaa>
Oh I see
<alyoshaaa>
But not for regular IPNS/IPFS stuff?
<seba->
so even if it's done you have to implement the verifying
<whyrusleeping[m]>
IPNS is already signed and verified
<alyoshaaa>
Okay so
<alyoshaaa>
does that mean if your node goes down or is compromised
<alyoshaaa>
unless you backed up your keypair
<alyoshaaa>
you woudl have to make a new 'profile'
<alyoshaaa>
in my use-case
<seba->
whyrusleeping[m], i'm having troubles with ping, but i think i know why ... i sniffed unencrypted traffic and i think it's a bit more complex the negotiation that we had in our short chat
TristanBKildaire has joined #ipfs
<whyrusleeping[m]>
If you lose your keys, yes, you have to generate a new keypair
<alyoshaaa>
I had no idea it was all already implemented
<alyoshaaa>
that's great news for me
<alyoshaaa>
thx seba- and whyrusleeping[m]
<seba->
alyoshaaa, well peer to peer is already encrypted with public/private keys
<alyoshaaa>
Okay
<alyoshaaa>
my other question is
<alyoshaaa>
is there some way to implement DNSLink that doesn't require some sort of authoritative/centralised server
<alyoshaaa>
and also that does not reveal to any MITM who the user is looking up
<alyoshaaa>
I've been looking at DNSCrypt and OpenAlias which are nice
<alyoshaaa>
but neither of them answer the problem of needing an authoritative server
<whyrusleeping[m]>
seba-: Last we talked, I think I didn’t make it clear that ‘negotiate X’ means, use multistream to negotiate which protocol to use next
<alyoshaaa>
I was looking at a hashed trustless keyserver model
<seba->
whyrusleeping[m] oh ok, but is this anywhere written ... it's like RFC (or similar) doesn't exist... it's like a bunch of ideas and hear and there more details
<whyrusleeping[m]>
Yeah... I’m trying to get specs written soon
<seba->
whyrusleeping[m], ok, well i captured the ping with wireshark (unencrpypted of course) i'll analyse that and try to repeat
<seba->
i'm just quite busy these days :'(
<seba->
alyoshaaa, thing is that each peer has its own peerid which is the sha256 base58 (or something like that) of the public key
<seba->
whyrusleeping[m], it is clear if you have an idea how the protocol approx. works :-) for me it's even hard to understand the order of the code as it's in many files. but it did help me, not saying it didn't.
<whyrusleeping[m]>
Heh, yeah...
<whyrusleeping[m]>
It’s always easy to say its easy when you wrote most of it... >.>
<alyoshaaa>
seba-: couldn't this be used to uniquely identify a node, so if the user is posting dissident content, their identity could be revealed?
<alyoshaaa>
via their IP
<seba->
alyoshaaa, yes
<alyoshaaa>
ah okay
<seba->
you can directly query the dht then
<seba->
for their ip
<alyoshaaa>
I've been looking at wrapping the app in something like Kovri/I2P
<alyoshaaa>
but Kovri doesn't look mature enough yet
<whyrusleeping[m]>
seba-: do you have anything on github?
<seba->
like if you get the hash of the file, you can query the dht for providers i.e. which peers have it
<seba->
then peers for the ip
<whyrusleeping[m]>
If you’re doing a greenfield libp2p implementation I’d love to follow along
<seba->
whyrusleeping[m], well i'm doing that, just the beginning ... i'm doing in PHP, because it's just a language i have 15 y of experience in (i know it's a shitty language) and it's easy. i think i'll try to do it in something better then, it's more for me to really understand the protocol.
<alyoshaaa>
seba- do you have any other suggestions for hiding the real IPs of nodes?
<seba->
alyoshaaa, proxies/tor/i2p is supposed to work, but a trick would be to put content on IPFS, do a http request of the hash via few public gateways
<seba->
that way your identity would be protected partially
<seba->
i mean and after putting on the public gateways disappearing
<seba->
it's not perfect, but better than nothing :)
<seba->
i don't know what was implemented insofar
<seba->
i just read a lot of proposal/documentations/specs
dsiypl4 has quit [Remote host closed the connection]
dsiypl4 has joined #ipfs
<kyoumann>
hi
<postables[m]>
i was able to solve the issue. `$IPFS_PATH/datastore_spec` also contains the type and path of the datastore. Updating that to match the settings in `$IPFS_PATH/config` worked. WOOT
<voker57>
if you want to hide data you should encrypt it
dsiypl4 has quit [Remote host closed the connection]
dsiypl4 has joined #ipfs
dsiypl4 has quit [Max SendQ exceeded]
<Obo[m]1>
glad you got it working postables
<Obo[m]1>
that'll be a cool experiment. Fingers crossed you don't run into any issues with it
<postables[m]>
it will certainly be less issues than running the IPFS node off an iSCSI volume
<postables[m]>
redirecting the path should be pretty value can probbaly even fuck around with LVM too
<jonathan[m]1>
<postables[m] "it will certainly be less issues"> what kind of issues do you run into when using iSCSI for ipfs?
mrph6774 has left #ipfs [#ipfs]
<postables[m]>
@jonathan: The only issue was having my IPFS node run off the iSCSI volume as opposed to the datastore running off the iSCSI volume. When I had the entire node running on iSCSI it was horrendously slow for just general IPFS node usage. While also doing some stress test of our production environment a network cable became unplugged, which plunked the volume into read-only on my linux node. This is expected, but I'm not sure
<postables[m]>
the IPFS node liked that and it basically broke the node.
<postables[m]>
The solution was to have `$IPFS_PATH` set to a direct-attached disk, and point the datastore to the iSCSI volume. So far no issues, and I suspect this will allow for some neat tricks like remounting the iSCSI volume as read-write and being able to circumvent any potential headaches
<postables[m]>
the only other issue i had with this setup, was initially being unable to redirect the datastore to a seperate volume. However this required a 2 part configuration, one updating the `$IPFS_PATH/config` and the other updating `$IPFS_PATH/datastore_spec` to match the settings in `$IPFS_PATH/config`
<jonathan[m]1>
That is strange, I've never had any issues with latency or speed while using iSCSI on other projects. I actually have lower latency on iSCSI that I have on my own drives on the server.
<jonathan[m]1>
Well, it is good to know. I was considering running the storage on iSCSI (10Gbit storage network), but I have to reconsider that
<postables[m]>
i wouldn't say oyu need to reconsider that, but you would need to reconsider having the actual `$IPFS_PATH` be the iSCSI volume
<postables[m]>
however that shouldn't be an issue since it looks like the amount of storage space being consumed by the IPFS node and stuff is 61MB
<postables[m]>
what are you using for your iSCSI system? I have a equallogic PS6000, havent' done any kind of performance enhancemnets yet just got the base system up and running. IT would also depend on what your disk settings are, we're using RAID6
<postables[m]>
its certainly not as fast as my other IPFS nodes with direct attached disks though
<postables[m]>
*edit:* ~~its certainly not as fast as my other IPFS nodes with direct attached disks though~~ -> its certainly not as fast as my other IPFS nodes with direct attached disks though, that could perhaps be an issue with badgerds, will be spinning up a flatfs based iSCSI backed IPFS node today once im at the datacenter
thomasan_ has joined #ipfs
plexigras has joined #ipfs
rendar has quit []
psiconauta has joined #ipfs
lidel has quit [Ping timeout: 250 seconds]
lidel has joined #ipfs
SunflowerSociety has joined #ipfs
purisame has quit [Ping timeout: 246 seconds]
psiconauta has quit [Remote host closed the connection]
Sunflowery has quit [Ping timeout: 245 seconds]
purisame has joined #ipfs
psiconauta has joined #ipfs
kapil____ has quit [Quit: Connection closed for inactivity]
woss_io has joined #ipfs
ikari` has quit [Quit: This computer has gone to sleep]
dimitarvp has quit [Quit: Bye]
test1ng[m] has joined #ipfs
test1ng[m] has left #ipfs [#ipfs]
MDude has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<edrex>
Dat's access control is at the level of repositories. The discovery key is a hash of the public key which can be blasted out on DHTs etc. Once the seeker finds peers claiming to have the repository, i think I think they do some Diffie Helmann to solve https://en.wikipedia.org/wiki/Socialist_millionaires to make sure both parties have the public key.
Starism[m] has joined #ipfs
Seb[m]1 has joined #ipfs
<Starism[m]>
Hello everybody. I need some help - It is not possible for me to access an added file to IPFS. Could anyone help me please?
<edrex>
This could be done at a granular level too I think. Tahoe-LAFS uses similar techniques to solve a similar problem, but the data is encrypted e2e. I'm working on a wiki that compares and criticizes all these different systems, which should hopefully be useful as a reference.
eof has quit [Quit: eof]
<postables[m]>
Starism: define your problem in detail.
ichoquo0Aigh9ie has quit [Remote host closed the connection]
<Starism[m]>
We have also tried to manually connect to each other using "ipfs swarm connect" command,
<Starism[m]>
but that returns a "failure: dial to self attmpted" statement.
ichoquo0Aigh9ie has joined #ipfs
<Starism[m]>
So thats about it
mackitu has quit [Quit: Page closed]
eof has joined #ipfs
spinza has quit [Quit: Coyote finally caught up with me...]
<Swedneck>
what's the network setup like?
<postables[m]>
1) requesting on a gateway is slow. The gateway needs to go through a discovery process. IF the conten thasn't been cached expect 10 minutes
<postables[m]>
2) sounds like you're hitting NAT related issues
<postables[m]>
try configuring port forwarding on your routers
<postables[m]>
*1) if the content hashn't been cached already, and the gateway isn't connected to your poeer
<postables[m]>
*edit:* ~~*1) if the content hashn't been cached already, and the gateway isn't connected to your poeer~~ -> *1) if the content hashn't been cached already, and the gateway isn't connected to your peer
<Obo[m]1>
I'll second what postables is saying
<Obo[m]1>
you're likely running into an issue where port 4001 is blocked
pirata has joined #ipfs
<Obo[m]1>
There error messages you're receiving are almost exactly what I ran into when I was first building Pinata.
<Obo[m]1>
*edit:* ~~There error messages you're receiving are almost exactly what I ran into when I was first building Pinata.~~ -> The error messages you're receiving are almost exactly what I ran into when I was first building Pinata.
<Starism[m]>
Im not entirely sure which address i should port forward to, when im browing my routers settings. Can you help me here?
<postables[m]>
also a good command to run `ipfs swarm peers` if that shows peers, than it means your NAT issue isn't so bad, and you just need to forward a port
psiconauta has quit [Ping timeout: 246 seconds]
Caterpillar2 has quit [Ping timeout: 250 seconds]
<Starism[m]>
when running ipfs swarm peers i get shown 2 connections
<postables[m]>
you'll want to port forward 4001 TCP, to the IP of your node
<Obo[m]1>
sometimes the peers can still connect
<postables[m]>
try a port forward and that should solve your issue
<Obo[m]1>
IPFS can be sneaky like that
<postables[m]>
another good command `ipfs swarm peers --direction` will show whether or not its outbound or inbound
<Obo[m]1>
try running "telnet {yourIP} 4001" from a machine separate than yours
<Starism[m]>
ipfs swarm peers --direction
<Starism[m]>
returns about 12 logs, all going outbound
<Starism[m]>
Does that mean no one is connected to me?
Kris[m] has joined #ipfs
<postables[m]>
it means you're establishign a connection to other peers but they aren't connecting back to you, further indication of a port forwarding issue
<postables[m]>
*edit:* ~~it means you're establishign a connection to other peers but they aren't connecting back to you, further indication of a port forwarding issue~~ -> it means you're establishign a connection to other peers but they aren't connecting back to you, further indication of a port forwarding issue or your router blocking inbound port 4001
<Starism[m]>
Yeah, i think my router might be blocking port 4001.
<postables[m]>
first step would be to setup port forwarding for TCP:4001 -> your machine, if that doesn't resolve also unblock port 4001
<postables[m]>
my tcp ports there are different because i have 3 nodes behind the same public IP
roygbiv has joined #ipfs
spinza has joined #ipfs
<Starism[m]>
Having a hard time port forwarding here
<postables[m]>
one more thing you can try if you have more issues is in the config file mark `DisableNatPortMap` as `false`.
<postables[m]>
what's causing troubles?
<Starism[m]>
The interface is not really well designed.
<Starism[m]>
Not sure how to open TCP 4001 on my machine
<postables[m]>
heh classic home routers such pieces of shit lol. The only suggestion I have without you disclosing what kind of router you have, is to search for router-specific configuration
<postables[m]>
additionally you may also want to talk to your ISP because some of them can be very stringent with the kind of port forwarding rules they allow customers
<Starism[m]>
Whats that DisableNatPortMap ?
<postables[m]>
i've never used it before so I'm not 100% sure, but based on what I know about IPFS I would hazard a guess that having it disabled restricts the actions your IPFS node will take to attempt to punch NAT holes in your router
purisame has quit [Ping timeout: 244 seconds]
ikari` has quit [Ping timeout: 268 seconds]
ichoquo0Aigh9ie is now known as jacky
Papa_Alpaka has joined #ipfs
<Starism[m]>
Should both External and Internal start port be 4001?
nst^ has quit []
SunflowerSociety has quit [Read error: Connection reset by peer]
<Starism[m]>
Is it maybe the iSCSl Service that has to be allowed through my windows firewall?
mischat has joined #ipfs
bph^ has joined #ipfs
zeden has quit [Quit: WeeChat 2.3]
<postables[m]>
if you're only running one node, external+internal start/end should both be 4001.
<postables[m]>
iSCSI? not unless you're using an iSCSI storage service
pirata is now known as psiconauta
purisame has joined #ipfs
roygbiv has left #ipfs ["™"]
MDude has joined #ipfs
<Starism[m]>
Ok, what do i put in as my Internal IP address?
<postables[m]>
the IP address of the machien you're running the IPFS node on
<Starism[m]>
when i write ipconfig in my cmd, would that be my IPv4 Address?
ikari` has joined #ipfs
<postables[m]>
yup, you would want to make sure that you're looking at the right interface, haven't used windows in awhile but i remember `ipconfig` would show a lot of different interfaces. Another thing you can do is check the DHCP leases on your router and find the lease for your machine
Taoki has quit [Remote host closed the connection]
xcm has quit [Remote host closed the connection]
<Starism[m]>
Ok, i really have opened up my port 4001, and port fowarded that port
<Starism[m]>
but i still dont see any inbound peers
<postables[m]>
whats your peer count now?
<postables[m]>
no inbound isn't neccessarily a bad thing
xcm has joined #ipfs
<Starism[m]>
i have 806 outbound connections
<Starism[m]>
or client connections
<postables[m]>
i have 1507 peers, only 300 are inbound so it should be expected
rno_ has quit [Read error: Connection reset by peer]
<postables[m]>
NICE 😄 sounds like you've solved your nat issues then
rno has joined #ipfs
<Starism[m]>
i mean, when i access the web ui
<Starism[m]>
it says i have between 500 and 800 client conenctions
<Starism[m]>
swings up and down
<postables[m]>
yea it will always go up/down so thats nothing to be concerned about
<Starism[m]>
but still i have no inbounds i th ink
<postables[m]>
im not 100% familiar on how inbound works but that may only show up if people are requesting stuff from your node, so that's probably nothing to be concerned about
<Starism[m]>
Ok so how do i actually check if it works? Like
<Starism[m]>
What now?
<Starism[m]>
Can i upload an image and get my friends to see that image?
<Starism[m]>
I dont understand, why is it taking so long?
Taoki has quit [Remote host closed the connection]
<postables[m]>
Taking so long in what context? If you're attempting to browse through a gateway expect a roughly 10 minute request duration while the node looks for the peer hosting that content
<Swedneck>
i don't seem able to retrieve it from my node
<postables[m]>
Starism if possible can you publish your multiaddr for your IPFS node? It will let us be able to further debug what your issue could be
MDude has joined #ipfs
<postables[m]>
When you run `ipfs id` does it show your public IP?
Taoki has joined #ipfs
mauz555 has joined #ipfs
<Starism[m]>
I’ll have to get back to you tomorrow, it’s getting late here sorry. But thank you so much for helping me. I appreciate it a lot
<Starism[m]>
And yes, I was talking about the 10 minute wait to retrieve an image from online gateway
emix has joined #ipfs
emix has quit [Remote host closed the connection]
emix has joined #ipfs
emix has quit [Ping timeout: 258 seconds]
jesse22 has quit [Remote host closed the connection]
cheet has quit [Ping timeout: 240 seconds]
cheet has joined #ipfs
cubemonkey has joined #ipfs
cubemonkey has quit [Changing host]
cubemonkey has joined #ipfs
Papa_Alpaka has quit [Remote host closed the connection]
jesse22 has joined #ipfs
cubemonkey has quit [Read error: Connection reset by peer]
jesse22 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
cheet has quit [Quit: ZNC 1.8.x-nightly-20190111-e415d9f5 - https://znc.in]
xcm has quit [Remote host closed the connection]
xcm has joined #ipfs
pecastro has quit [Read error: Connection reset by peer]