stebalien changed the topic of #ipfs to: Heads Up: To talk, you need to register your nick! Announcements: go-ipfs 0.4.18 and js-ipfs 0.34 are out! Get them from dist.ipfs.io and npm respectively! | Also: #libp2p #ipfs-cluster #filecoin #ipfs-dev | IPFS, the InterPlanetary FileSystem: https://github.com/ipfs/ipfs | Logs: https://view.matrix.org/room/!yhqiEdqNjyPbxtUjzm:matrix.org/ | Forums: https://discuss.ipfs.io | Code of Con
xcm has quit [Remote host closed the connection]
vmx has quit [Remote host closed the connection]
xcm has joined #ipfs
ddahl has joined #ipfs
gts has joined #ipfs
mischat_ has quit [Remote host closed the connection]
mischat has joined #ipfs
gts has quit [Ping timeout: 246 seconds]
mischat has quit [Ping timeout: 252 seconds]
ddahl has quit [Ping timeout: 268 seconds]
frislie[m] is now known as thatissomesexyli
thatissomesexyli is now known as M1123456789[m]
M1123456789[m] is now known as M1234[m]
M1234[m] is now known as M15555555555[m]
M15555555555[m] is now known as frislie[m]
sean[m]1 has joined #ipfs
ddahl has joined #ipfs
zopsi has joined #ipfs
zopsi has quit [Excess Flood]
ddahl has quit [Ping timeout: 250 seconds]
zopsi has joined #ipfs
zopsi has quit [Excess Flood]
zopsi has joined #ipfs
zopsi has quit [Excess Flood]
zopsi has joined #ipfs
zopsi has quit [Excess Flood]
zopsi has joined #ipfs
zopsi has quit [Excess Flood]
mischat has joined #ipfs
ddahl has joined #ipfs
thomasan_ has joined #ipfs
crimastergogo has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
ddahl has joined #ipfs
mischat has quit [Ping timeout: 258 seconds]
ddahl has quit [Ping timeout: 250 seconds]
gts has joined #ipfs
gts has quit [Ping timeout: 257 seconds]
Guest11162 has quit []
ddahl has joined #ipfs
hc1^ has joined #ipfs
lordcirth has quit [Remote host closed the connection]
ddahl has quit [Ping timeout: 268 seconds]
lostfile has joined #ipfs
hc1^ has quit []
mischat has joined #ipfs
hsrt^ has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
lostfile has quit [Client Quit]
ddahl has joined #ipfs
daMaestro has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
jesse22_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ddahl has joined #ipfs
mowcat has quit [Remote host closed the connection]
mowcat has joined #ipfs
gts has joined #ipfs
mischat has quit [Ping timeout: 258 seconds]
gts has quit [Ping timeout: 246 seconds]
thomasan_ has joined #ipfs
thomasan_ has quit [Ping timeout: 250 seconds]
Belkaar has quit [Ping timeout: 244 seconds]
Belkaar has joined #ipfs
Belkaar has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
ddahl has joined #ipfs
mischat has joined #ipfs
mischat_ has joined #ipfs
thomasan_ has joined #ipfs
mischat_ has quit [Ping timeout: 244 seconds]
shizy has quit [Quit: WeeChat 2.3]
ddahl has quit [Ping timeout: 264 seconds]
mowcat has quit [Remote host closed the connection]
user_51 has quit [Ping timeout: 255 seconds]
user_51 has joined #ipfs
xcm has quit [Remote host closed the connection]
xcm has joined #ipfs
mischat has quit [Ping timeout: 252 seconds]
ddahl has joined #ipfs
ctOS has quit [Quit: Connection closed for inactivity]
shizy has joined #ipfs
nvmq has quit [Quit: Leaving]
}ls{ has quit [Ping timeout: 246 seconds]
redfish has joined #ipfs
}ls{ has joined #ipfs
lostfile has joined #ipfs
lostfile has quit [Client Quit]
mischat has joined #ipfs
lostfile has joined #ipfs
crimastergogo has quit [Quit: crimastergogo]
lostfile has quit [Client Quit]
_whitelogger has joined #ipfs
gts has quit [Remote host closed the connection]
gts has joined #ipfs
lostfile has joined #ipfs
gts has quit [Remote host closed the connection]
daMaestro has quit [Quit: Leaving]
lostfile has quit []
mischat has quit [Ping timeout: 258 seconds]
BeerHall has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
gts has joined #ipfs
lostfile has joined #ipfs
mischat has joined #ipfs
yhwh has quit [Remote host closed the connection]
The_8472 has quit [Ping timeout: 240 seconds]
toxync01- has quit [Remote host closed the connection]
null1337 has quit [Ping timeout: 258 seconds]
null1337 has joined #ipfs
The_8472 has joined #ipfs
toxync01 has joined #ipfs
lostfile has quit []
mischat has quit [Ping timeout: 258 seconds]
gts has quit [Remote host closed the connection]
null1337 has quit [Ping timeout: 246 seconds]
null1337 has joined #ipfs
}ls{ has quit [Quit: real life interrupt]
gts has joined #ipfs
airwind has joined #ipfs
renich has joined #ipfs
mischat has joined #ipfs
gts has quit [Remote host closed the connection]
gts has joined #ipfs
gts has quit [Ping timeout: 255 seconds]
ithith has joined #ipfs
Pulse2496 has joined #ipfs
ithith has quit [Quit: Page closed]
xlued has quit [Read error: Connection reset by peer]
mischat has quit [Remote host closed the connection]
sim590 has quit [Ping timeout: 244 seconds]
ober has quit [Ping timeout: 250 seconds]
akkad has joined #ipfs
sim590 has joined #ipfs
gts has joined #ipfs
fauno has quit [Ping timeout: 246 seconds]
gts has quit [Remote host closed the connection]
gts has joined #ipfs
crimastergogo has joined #ipfs
fauno has joined #ipfs
kapil____ has joined #ipfs
<Swedneck>
lidel: what do you think about making shoku OP, since they're admin on the discord side
vyzo has quit [Quit: Leaving.]
vyzo has joined #ipfs
fazo has joined #ipfs
woss_io has joined #ipfs
chiui has joined #ipfs
gts has quit [Remote host closed the connection]
gts has joined #ipfs
vmx has joined #ipfs
gts has quit [Remote host closed the connection]
gts has joined #ipfs
mischat has joined #ipfs
Tiez has joined #ipfs
gts has quit [Remote host closed the connection]
gts has joined #ipfs
gts has quit [Read error: Connection reset by peer]
gts has joined #ipfs
spinza has quit [Quit: Coyote finally caught up with me...]
lucidd[m] has joined #ipfs
spinza has joined #ipfs
<lidel>
fine with me
rendar has joined #ipfs
rendar has quit [Client Quit]
mischat_ has joined #ipfs
mischat_ has quit [Remote host closed the connection]
mischat_ has joined #ipfs
mischat_ has quit [Remote host closed the connection]
mischat has quit [Ping timeout: 240 seconds]
rendar has joined #ipfs
gde33 has quit [Ping timeout: 245 seconds]
mischat has joined #ipfs
mischat_ has joined #ipfs
mischat_ has quit [Remote host closed the connection]
mischat_ has joined #ipfs
mischat_ has quit [Remote host closed the connection]
mischat has quit [Ping timeout: 246 seconds]
mischat has joined #ipfs
cehteh has quit [Ping timeout: 258 seconds]
cehteh has joined #ipfs
mischat has quit [Remote host closed the connection]
mischat has joined #ipfs
mowcat has joined #ipfs
mischat has quit [Ping timeout: 255 seconds]
MDude has quit [Ping timeout: 246 seconds]
cehteh has quit [Ping timeout: 240 seconds]
MDude has joined #ipfs
gde33 has joined #ipfs
kapil____ has quit [Quit: Connection closed for inactivity]
mischat has joined #ipfs
mikro2nd has quit [Ping timeout: 246 seconds]
mischat has quit [Ping timeout: 268 seconds]
crimastergogo has quit [Quit: crimastergogo]
mischat has joined #ipfs
mischat has quit [Ping timeout: 250 seconds]
The_8472 has quit [Ping timeout: 252 seconds]
}ls{ has joined #ipfs
zeden has joined #ipfs
xcm has quit [Remote host closed the connection]
Tiez has quit [Ping timeout: 246 seconds]
The_8472 has joined #ipfs
xcm has joined #ipfs
ctOS has joined #ipfs
dennwc[m] has joined #ipfs
Tiez has joined #ipfs
gts has quit [Remote host closed the connection]
gts has joined #ipfs
malaclyps has quit [Read error: Connection reset by peer]
xcm has quit [Ping timeout: 244 seconds]
gts has quit [Ping timeout: 255 seconds]
malaclyps has joined #ipfs
mischat has joined #ipfs
cehteh has joined #ipfs
nast has joined #ipfs
ygrek has joined #ipfs
Mateon3 has joined #ipfs
Mateon1 has quit [Ping timeout: 246 seconds]
Mateon3 is now known as Mateon1
goon12 has joined #ipfs
fazo_ has joined #ipfs
fazo has quit [Read error: Connection reset by peer]
fazo_ has quit [Changing host]
fazo_ has joined #ipfs
ygrek has quit [Remote host closed the connection]
Tiez has quit [Quit: WeeChat 1.6]
mischat has quit [Remote host closed the connection]
mischat has joined #ipfs
gts has joined #ipfs
ddahl has quit [Ping timeout: 255 seconds]
craigo_ has quit [Ping timeout: 246 seconds]
bart has joined #ipfs
bart has quit [Client Quit]
mischat_ has joined #ipfs
sz0 has joined #ipfs
mischat has quit [Ping timeout: 244 seconds]
bcx42 has joined #ipfs
mischat_ has quit [Ping timeout: 246 seconds]
bcx42 has quit [Client Quit]
mikro2nd has joined #ipfs
lord| has quit [Ping timeout: 244 seconds]
lonegunmen[m] has joined #ipfs
mattskala[m] has joined #ipfs
random_yanek has quit [Quit: random_yanek]
random_yanek has joined #ipfs
random_yanek has quit [Max SendQ exceeded]
gts has quit [Remote host closed the connection]
random_yanek has joined #ipfs
gts has joined #ipfs
gts has quit [Ping timeout: 268 seconds]
sgm has joined #ipfs
sgm has left #ipfs [#ipfs]
void09 has joined #ipfs
mischat has joined #ipfs
<void09>
is there any way to serve files on ipfs through tor ?
dimitarvp has joined #ipfs
<void09>
maybe a plugin for .onion, or just direct proxying ? do you even need an open port to host ipfs files, or is it sufficient that the peer donwloading from you has an open port?
<void09>
or are there nat traversal servers set up ?
<Mikaela>
I have understood that IPFS is very chatty and it may deanonymize you when used through Tor. I think downloading works without open ports, but personally I have disabled IPv4 and just use IPv6 and Yggdrasil & Cjdns which appear as IPv6 addresses for IPFS and there are a few users in both.
<void09>
geoah, i think that's different from what I try to achieve
<void09>
it aims to provide a gateway between tor (tor browser used in example) and ipfs
<void09>
I want non-tor peers to access my files, hosted on my computer and proxied through tor
mischat_ has quit [Ping timeout: 250 seconds]
renich has quit [Remote host closed the connection]
Pulse2496 has quit [Ping timeout: 244 seconds]
<geoah>
awh -- you want an "entry" node -- not an exit one
renich has joined #ipfs
<void09>
well the mans through which to achieve this are irrelevant
<void09>
also, can be any other anonimity network if supported by a plugin for ipfs
<void09>
bottom line: host files without revealing my ip
<void09>
host files on ipfs*
<geoah>
hm, I'm not sure how this would work -- in tor afaik the exit node doesn't not know the source is -- for this to work your ipfs peer has to advertise an address
<geoah>
even if it can use the circuit relay thingie in ipfs, it would still be something like /ipfs/ipv4/tcp/exit-node-ip/tor/some-identifier-for-your-node
<geoah>
I guess it would be fine if that was your tor ip? (that's a thing right?)
<Mikaela>
(they aren't, the closest to Tor IP would be Tor hidden service or circuit ID which is different to you than the endpoint if I understand correctly)
<Mikaela>
(*Tor .onion even)
<geoah>
tor hidden service should be fine I guess as long as you can dial it
<postables[m]>
void09: I have an i2p IPFS gateway plugin and an WIP plugin to serve IPFS nodes over i2p
<geoah>
.onion would also be fun, can you do ipns on top of it? :P
<Mikaela>
Can IPFS be made aware of Tor hidden service?
<Mikaela>
I guess swarm config might accept it?
<postables[m]>
.i2p > .onion 😜
<void09>
postables[m], not finished yet ?
<void09>
also, please explain what each does. confused
<postables[m]>
The gateway plugin is finished but the ipfs swarm connectivity is a work in progress
<postables[m]>
void09: the gateway plugin allows i2p users to browse an IPFS gateway as an i2p eepsite while the swarm plugin will allow nodes to talk to each other over i2p
<void09>
postables[m], how does this work ? servers relaying stuff from ipfs to i2p ?
<void09>
for a user to browse ipfs address as an i2p eepsite
<postables[m]>
Which part, the gateway plugin or the swarm plugin? The gateway plugin uses the SAMv3 API to configure a tunnel that talks to the gateway port of an IPFS node
<postables[m]>
So you're basically talking directly to the gateway of an IPFS node like any old gateway but it's over an i2p tunnel. The gateway itself is just a regular IPFS node the only thing that is cloaked is the user accessing the gateway
<void09>
hmmmmmmm
<void09>
but you can't access real network resources through i2p directly, right ? how does that tunnel talk to an ipfs node ? :\
<Mikaela>
I think I2P has optional outproxies which work like Tor exit nodes and often send traffic through Tor
<Mikaela>
but as per above issue I don't have much experience with it and the bug preventing I2Pd dev from testing seems stuck, but maybe it gets fixed before Buster gets released.
<void09>
yes, it does have outproxies. but not sure if it has any provided by default lately. sometimes i could access the clearnet through i2p with a defualt install but it would rarely work
<void09>
this stuff is terribly confusing without nice clear diagrams :P
<void09>
I guess i should try to run ipfs in a vm, and force the vm through tor
<void09>
and share some files.. and see if anyone can download them
<void09>
but I thought maybe someone tried that experiment already and can tell me. i'm pretty lazy :P
<void09>
in theory this should work, right ? I mean, if you are in "passive" mode (no open ports), then the other peer that requests a file tells you (through the dht ?) to connect to it, and you just connect to the peer through the tor exit node, right?
<Mikaela>
I think you would also remove all swarm announces from the config
<void09>
huh?
<postables[m]>
Not really there's very few out proxies. Mikaela I don't think that's an official i2p library.
<postables[m]>
Void09: the tunnel talks to the gateway the node running the gateway handles talking to IPFS nodes just like it does normally. The gateway is just a tunnel accessible over i2p
renich has quit [Ping timeout: 250 seconds]
<void09>
postables[m], not sure i understand. so basically it uses relay servers to bridge i2p and ipfs ?
<Mikaela>
void09, IPFS config by default has some swarm announces which defaults to :: and 0.0.0.0, and I think when you send all traffic to Tor, you remove those so you don't accidentally advertise some weird not working IP
cygeatwin has quit [Read error: Connection reset by peer]
cygeatwin has joined #ipfs
<void09>
Mikaela, I see. not sure what exactly :: is ? ipvs6 for.. ?
<postables[m]>
@void09: not quite it opens up a tunnel directly on I2P to talk to the gateway (port 8080), the node talks to the IPFS network over regular IP traffic. Anyone who talks to the gateway however is talking over the I2P tnnel
<void09>
postables[m], that sounds exactly like a relay to me ? :)
<Mikaela>
void09, :: is IPv6 version of 0.0.0.0
<chiui>
about anonimity, I think ipfs should support more private keys not only for publishing on ipns, but for making requests too
<chiui>
ideally those should be connected to new temporary identities/addresses at lower levels (tor/i2p/cjdns)
<postables[m]1>
uhmm maybe? personally i wouldn't call it a relay since the user accessing the gateway is still within the I2P network and never leaves the I2P network. the IPFS node is fetching the data from what-ever sources it can find it, but its not relaying the gateway traffic from I2P to outsde of I2P than back into I2P
underikar has joined #ipfs
ylp has quit [Quit: Leaving.]
renich has joined #ipfs
lidel` has joined #ipfs
lidel has quit [Ping timeout: 240 seconds]
lidel` is now known as lidel
gmoro__ has joined #ipfs
toxync01- has joined #ipfs
toxync01 has quit [Ping timeout: 250 seconds]
gmoro_ has quit [Ping timeout: 246 seconds]
<void09>
postables[m]1, "the IPFS node is fetching the data from whatever source it can find it" - IPFS node being a remote peer, also in the i2p network, right?
<void09>
and that remote peer/ipfs node accesses the ipfs resources through clearnet, right ?
<postables[m]1>
at the moment the only piece thats in the i2p network is th egateway port
<postables[m]1>
"and that remote peer/ipfs node accesses the ipfs resources through clearnet, right ?" yes that is correct
thomasan_ has joined #ipfs
<void09>
so basically a relay :P
plexigras has joined #ipfs
<void09>
i2p is just the transport to the ipfs gateway
<void09>
so how would this work, how will we find these i2p-to-ipfs gateways ?
<void09>
fetch a list from and i2p address ?
<postables[m]1>
same way you find any other i2p eepsite
<postables[m]1>
if you publish it to a jumpsite address book you can find them there
cygeatwi1 has joined #ipfs
<void09>
haven't used the i2p in a long while
<void09>
do they have an i2p to clearnet via tor gateway now ?
<postables[m]1>
pretty sure theres a tor->i2p and i2p->tor proxy
cygeatwin has quit [Ping timeout: 255 seconds]
fazo_ has quit [Remote host closed the connection]
<void09>
i have to check it out. running through tor over the extra layer of privacy of i2p sounds very cool
<postables[m]1>
i believe it would be using tor as an outproxy
nighty- has quit [Quit: Disappears in a puff of smoke]
thomasan_ has quit [Remote host closed the connection]
mischat has quit [Remote host closed the connection]
mischat has joined #ipfs
mischat has quit [Remote host closed the connection]
chiui has quit [Ping timeout: 255 seconds]
mischat has joined #ipfs
thomasan_ has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
thomasan_ has joined #ipfs
jesse22 has joined #ipfs
mischat has quit []
thomasan_ has quit [Remote host closed the connection]
<void09>
postables[m]1, that's for user -> tor - i2p -> internet
<void09>
i wanted user -> i2p -> tor internet : D
<postables[m]1>
@void09: inverse the setup instructions? :P
padic[m] has joined #ipfs
vmx has quit [Remote host closed the connection]
<momack2[m]>
If anyone is interested in local/offline collaboration using IPFS, come join us on the monthly Locol WG meeting at https://protocol.zoom.us/j/9049149336!
kapil____ has quit [Quit: Connection closed for inactivity]
fauno_ has joined #ipfs
thomasan_ has joined #ipfs
fauno has quit [Ping timeout: 255 seconds]
fauno_ is now known as fauno
<void09>
offline ipfs :?
<voker57>
why not, if you pin everything
<void09>
don't understand how would that work
<void09>
offline = LAN ?
hurikhan77 has joined #ipfs
ctOS has quit [Quit: Connection closed for inactivity]
<MikeFair>
The idea is to make a simple interface to upload/download CID block files/data
<markg85>
yes, i see. But i don't quite know what i'm looking at..
<MikeFair>
Think of this as a really stupid IPFS peer node
<markg85>
So is that to visualize if your file is still alive on the network?
<MikeFair>
that works over HTTP
<MikeFair>
no; to act as a file store backend for IPFS
Guest79237 has joined #ipfs
<MikeFair>
There are tons and tons of shared web hosting sites with boatloads of cheap disk space available linked to frontend web servers
<markg85>
But how does that work as file storage? Is it pinning each file i'm uploading?
ddahl has joined #ipfs
<MikeFair>
It doesn't think in terms of files; it thinks in terms of CID blocks
<MikeFair>
But in essence; yes
<MikeFair>
but it's not a formalized pin
<MikeFair>
So the IPFS daemon puts things in its local file storage yes?
<markg85>
yes, i get it that far :)
<MikeFair>
Imagine instead of your local hard drive it upload it to a web of http servers
<MikeFair>
Think of it like a module for WordPress
<markg85>
isn't that what ipfs-cluster is for?
thomasan_ has quit [Ping timeout: 250 seconds]
<MikeFair>
Imagine if every WordPress website on the planet, by installing an IPFS plugin, could act as the file storage for IPFS servers
<MikeFair>
The challenge for a lot of "simple" folks is running the daemon
<markg85>
yeah, it has it's challenges, lol
<MikeFair>
Lots of people have websites; far fewer have VPS
<markg85>
i have VPS'ses ;)
<markg85>
or rather, a vultr account
<markg85>
and some dockers in there
<MikeFair>
most people here have VPS which is why requiring people to run a daemon is not really seen as an issue
<markg85>
but i see what you want
<markg85>
You want to make ipfs accessible in a very easy way
<MikeFair>
Well, upgrade it to have an internet based hard drive
<MikeFair>
I think it's already very easily accessible -- but only for "distribution" not "storage"
<MikeFair>
The idea here is to make HTTP provide the "dumb storage"
<MikeFair>
The web sites would all communicate with each other and move the blocks around to balance the storage load
<postables[m]1>
ipfs does that already though
<MikeFair>
IPFS reacts in near real time
<postables[m]1>
why reinvent the wheel?
<MikeFair>
postables[m]: IPFS doesn't provide storage
<MikeFair>
it provides routing/delivery
<markg85>
You basically mean load balancig?
<MikeFair>
storage balancing
<postables[m]1>
"ipfs doesnt provide storage" uhm
<MikeFair>
If you have 1TB of data; over time, the HTTP servers would spread the load out
<markg85>
that is neat!
<postables[m]1>
yea it does....
<MikeFair>
postables[m]: You are personally responsible for ensuring your files are in an active IPFS cache somewhere
<postables[m]1>
"If you have 1TB of data; over time, the HTTP servers would spread the load out" ipfs does this already though you just distribute te content to multiple servers and you've spread it out
<postables[m]1>
you're basically reinventing the wheel and forcing web servers to run suspicious cgi files
<markg85>
but could you be forgetting something here? For instance, what if the load is perfectly balanced, but one "server" is just on a slow crippled internet connection.
<MikeFair>
postables[m]: You have to run those servers
<postables[m]1>
or you use a pinning service
<postables[m]1>
you're basically reinventing the entire IPFS stack, combined with forcing web servers to run some random cgi file
wmohanlon[m] has joined #ipfs
<MikeFair>
postables[m]: Not really; I'm offloading the IPFS daemon from using "local storage" and having it use "Web storage" instead
<MikeFair>
HTTP is pretty good at transferring files around... agreed?
ddahl has quit [Ping timeout: 250 seconds]
<MikeFair>
ANd there are _TONS_ of web sites with lots of available disk space
<MikeFair>
But HTTP is dumb; doesn't "hunt" like IPFS does; doesn't do CAS like IPFS; IOW an HTTP server is not an IPFS peer node
<postables[m]1>
i mean you're probably better off getting those web servers to run an IPFS node. i dont think the solution is to force websites to run cgi scripts which is a big nono
<postables[m]1>
i mean you're probably better off getting those web servers to run an IPFS node. i dont think the solution is to force websites to run cgi scripts which is a big nono as they are security risks already
<MikeFair>
postables[m]: But you can't because that's not the service the web ISPs provide
<MikeFair>
I don't care if it's that CGI; script; that's just a dump implementation of the idea
<MikeFair>
err dumb
<postables[m]1>
i mean you could just use js-ipfs to do this
<MikeFair>
You can't actually
<markg85>
postables[m]1: how? That runs locally, right?
<markg85>
Not on the web server
<postables[m]1>
it sounds like you're reinventing a ton of wheels when you're probably better off writting a datastore plugi nthat uses web storage
<MikeFair>
markg85: You could use a Node.js VPS
<postables[m]1>
nodejs would probably do it
<MikeFair>
postables[m]: This script is the other side of that "web storage" plugin
<markg85>
MikeFair: but then you're back in the niche again of users that run a VPS..
<MikeFair>
postables[m]: The piece you're missing is that lots of people don't have VPS and don't want VPS; but they do have shared web hosting
<MikeFair>
markg85: Right; which is why I didn't do htat; but I am validating the js-ipfs point
mihagapiha[m] has joined #ipfs
<postables[m]1>
i would probably assume they dont want to be in charge of running or node, or providing free storage
<MikeFair>
they are happy to provide free storage to pin their stuff
<MikeFair>
I would love to make my shared web hosting service; for which I have GBs have storage space available; and an HTTP server already available; hosting by an ISP that takes to ensure it's always running to serve my IPFS data
<MikeFair>
err takes care to ensure
void09 has joined #ipfs
<MikeFair>
What I can't do is run an IPFS peer node daemon service
<postables[m]1>
i mean they're serving your web server, they would probably catch on pretty quickly that you're doing other thing likes using their bandwidth for stroage and providing storage
<MikeFair>
Imagine for a moment there was a WordPress plugin to turn a WP website into a "Web Storage Node for IPFS"
<MikeFair>
postables[m]: But I'm using it for legitimate web site purposes; I mean it's no different than a photo gallery
<MikeFair>
It's perfectly legit to use a web site to share files with other people; that's like a mjaor use case scenario
<markg85>
It would be a win-win for the provider. The storage load would be shared (bandwidth too).
<markg85>
Or that's as far as i understand your idea now :)
<MikeFair>
There's kind of two steps to the idea
puffi[m] has joined #ipfs
<MikeFair>
Step 1 is really simple; instead of using the local hard drive as the local file cache (or instead of purging files from the local cache); upload them to an HTTP server and use that
<MikeFair>
(and quite frankly it's stupid to ignore the local file storage, so think of the HTTP server as an extension of it)
<MikeFair>
Step 2 is using a cron script to get all these HTTP servers to talk to each other and migrate the CID blocks around to balance out the storage
<MikeFair>
Balance out and provide redundant copies
ddahl has joined #ipfs
puffi[m] has left #ipfs [#ipfs]
<MikeFair>
So when your local IPFS daemon looks for a CID, or sends out its provides list; it supplies the CIDs from its local cache & CIDs from the HTTP "extension" site
<markg85>
Ohh, but that's going to hurt!
<markg85>
You then need to use cron to keep your script alive
<MikeFair>
what part is going to hurt?
<markg85>
and to sync the data
<MikeFair>
markg85: The cron job doesn't sync the data; it wakes up, contancts the list of other web sites it talks about and exchanges info with them; say once an hour; or every ten minutes
<MikeFair>
err talks about = "knows about"/"talks to"
<markg85>
Yeah, i get that it itself doesn't do the syncing. But it triggers it
<MikeFair>
Most web hosting services have amaintanence scheduler
<markg85>
that is not going to scale well (i think) when the network is truly large. As there would be lots of data to sync
<MikeFair>
there is lots of data to sync; but it does it really slowly and in parallel
<rialtate[m]>
Then when you implement activitypub on top of ipfs and make a minecraft clone on top of activitypub you can complete layers 9, 10, and 11 of the OSI model. 🤗
<MikeFair>
think of how active the web is now
<MikeFair>
rialtate[m]: Don't think I haven't thought about that kind of thing; HTTP over IPFS PubSub is kind of like that ;)
<markg85>
That won't work
<markg85>
i think
<MikeFair>
markg85: I don't think this would significantly change the amount of file sharing activity happening between web servers today
<markg85>
that will only work if your servers are alive when the message is about to arrive
<MikeFair>
markg85: Well it would be "many servers" subscribed to the channel; but that's a different topic
<markg85>
If you use cron to wake up every x minutes the message might have been passed already
<markg85>
MikeFair: But i do have an idea for you that does work for this :D
<MikeFair>
markg85: Sorry, the HTTP over pubSub thing is a totally differnet idea
<markg85>
That i just posten in @ipfs-dev too, lol
<MikeFair>
markg85: I think I see where you are going with that; "registered messages"
<markg85>
exactly!
<markg85>
and they live till they have been handled
<MikeFair>
Yeah, kind of tough with the existing infrastructure
<markg85>
or rather, that's the requirement for push notifications. They can live longer
<markg85>
And that's why i made a bug report about it :)
renich_ has quit [Ping timeout: 250 seconds]
<markg85>
or a feature request
matth has joined #ipfs
<MikeFair>
Hmm, It might work if you used the targets IPNS pubKey as the basis for antoher secret key though
<markg85>
MikeFair: oke, on to my idea now. It's really big!
<MikeFair>
It'd take some thought; the challenge is you want to request 1 thing (your ID) and get back lots of different things
<MikeFair>
That isn't a very CAS style request
<markg85>
I'ill give you the quick summary first of the general idea, that is easy to understand. Then i will focus on one very specific point that i just can't wrap my head around (yet). Perhaps you have some bright ideas?
<MikeFair>
Sure
<markg85>
CAS style request? Err, translate that please...
thomasan_ has quit [Ping timeout: 268 seconds]
Guest79237 has quit [Ping timeout: 250 seconds]
<MikeFair>
CAS = Content Addressed Storage
thomasan_ has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
<MikeFair>
It means the contents of what you are looking for determines the address used to find it
thomasan_ has joined #ipfs
<MikeFair>
So when you hash the contents you get the address of that data
<MikeFair>
And that address can only be used to find that specific content
<markg85>
well, the content (a push notification) is dynamic so that is going to be more difficult. So you'd need another form to make it addressable.
<MikeFair>
markg85: Right; which is what I was saying --- IPNS is one form of that
<markg85>
But that's not even the idea i have, not the only one...
<markg85>
Oke, the big picture
<MikeFair>
markg85: You don't know the content of the message you are to receive so you can't ask for it
<markg85>
Imagine Flick, you know, that photo sharing site.
<markg85>
Flickr*
<MikeFair>
NO, but I can picture a photo sharing site ;)
<MikeFair>
yeha, continue
<markg85>
I want to make exactly that but on IPFS with the concept of the one who posted the image owns it and can take it down.
<markg85>
That though process brings me in a dozen very difficult issues to solve.
<markg85>
To name a few:
<markg85>
1. how do you put content on a public network that is owned by the uploader and can be made invalid by that uploader?
<markg85>
2. How do you show that same content on a distributed site
<MikeFair>
postables[m]: On the HTTP backend server idea; the IPFS daemons work in real time, but also expire relatively quickly ----- the HTTP servers would be excruciatingly slow, but keep block data around essentially permanently
<markg85>
3. how do you do user management of the users that registered? How do you even register?...
<MikeFair>
markg85: The "Can take it down" part is impossible to gaurantee; in fact it's flat out against IPFS' design model
<markg85>
etc...
<markg85>
note, i said "made invalid" not take down :)
<markg85>
but that is indeed the point i want to focus on
<MikeFair>
markg85: Doesn't matter, no one has to honor your request
thomasan_ has quit [Ping timeout: 268 seconds]
<postables[m]1>
MikeFair: how would people get the idea from those servers? unless there's some kind of active node behind it, its just holding data. theres nothing to participate in a discovery process for people to find servers hosting the data
<markg85>
I think it is possible.
<markg85>
With public-private key encryption
<MikeFair>
postables[m]: The IPFS daemons play the active part; but the use that vast sea of available storage to store their CID blocks
<markg85>
the file would be encrypted by the users private key and "the site's" public key
<MikeFair>
markg85: Once one person can decrypt it; the data can be rereleased without protection
<postables[m]1>
MikeFair: but then you might as well just run a node on a vps
<MikeFair>
postables[m]: Not an option
<MikeFair>
postables[m]: That's exactly the part I can't dop
thomasan_ has joined #ipfs
<markg85>
MikeFair: I know, that's a fact and can't be worked around. Ignore that flaw :)
<MikeFair>
markg85: Here's what you can do; make every picture an IPNS key and distribute that
<postables[m]1>
how are other ipfs nodes going to be aware of the content being stored on these http servers?
<MikeFair>
postables[m]: They are going to talk to other IPFS servers that have their own private HTTP server they are paired with
<markg85>
MikeFair: without any encryption?
<MikeFair>
markg85: Encryption doesn't help you because of that flaw we are ignored
<MikeFair>
err ignoring
<MikeFair>
When you want to invalidate a photo, update the IPNS key to some other CID
<markg85>
Well, the flaw would not be a few till the user revoked the key. And that is just a flaw that can't be worked around.
<markg85>
but it can be enforced (picture made invalid) from the revoke point forward as it would not be vissible on that site anymore
<MikeFair>
markg85: You have to share the secret with others so they can read the data, that secret will get "out there" you can't force the removal of the decryption key or the data from the IPFS network
<markg85>
And that very issue is the issue i can't wrap my head around!
<markg85>
Or rather, can't figure out a solution for
<MikeFair>
markg85: But in IPFS land you can't remove it; it's the same thing as simply updating the IPNS pointer to point somewhere else
<markg85>
public-private encryption would work if the site were private. It's not
<MikeFair>
markg85: Right, that's why it "can't" work
goiko has quit [Quit: ﴾͡๏̯͡๏﴿ O'RLY? Bye!]
<MikeFair>
I've been trying to come up with ways to store secret data in IPFS where the private channels were simply p2p and the two parties could be trusted
<markg85>
Then how would you develop a concept where the user owns their data?
<markg85>
On a public system like IPFS that is
<MikeFair>
You use a private web site instead of IPFS
<MikeFair>
There's one way I've kind of sort of come up with; but it's hella complicated
hurikhan77 has quit [Ping timeout: 258 seconds]
<markg85>
Please do tell :)
<MikeFair>
markg85: The bottom line is you have to control the delivery mechanism of the cypherText; and with IPFS you can't
<markg85>
Damn!
<MikeFair>
okay, the hella complicated thing is you have to get the cypherText to change over time while it lives on the network
<MikeFair>
markg85: But what you can do is make it so "reasonable" people can have "okay" privacy; like snapchat
<MikeFair>
Instead of using IPFS proper, you use PubSub
<markg85>
but then the data is still public, just hidden away
<markg85>
but eventually still public
<MikeFair>
markg85: Right, but because the cypherText keeps changing (and in an unpredictable way which is hard to explain); the secret key keeps changing
<MikeFair>
and you have to trust the network to purge the old copies
<MikeFair>
which with IPFS proper, you can't
<MikeFair>
So you use PubSub instead
<markg85>
But doesn't that mean that you have to re-encrypt every time as well?
<MikeFair>
markg85: sort of; you transform the encrypted value in a predictable way
<markg85>
I don't get the "use PubSub instead" yet.. can you elaborate on that?
<MikeFair>
You have to run your own servers that are protecting the data
<MikeFair>
You then make each photo a channel
<markg85>
ouch!
<markg85>
That is totally defeating the point of decentralized...
<markg85>
lol
<MikeFair>
People can send a message on that channel to request "please send me the data forthis picture to THECHANNELIAMLISTENINGON"
<MikeFair>
Because it's PubSub based; you can have lots of servers listening for different pictures that they locall host
<shoku[m]>
“You make each photo a channel” sounds like an architecture nightmare 😂
<shoku[m]>
I like the intent though
<MikeFair>
shoku: It is; which is why I said "Kind of Sort of"
<MikeFair>
shoku: It's more an instrastrucutre usage nightmare; but architecturally it's really quite simple; the nodes just Sub a boatload of channels
<markg85>
MikeFair: yeah.... i can see how that would work now.. That just does defeat the decentralized nature. It makes one specific part centralized
<MikeFair>
The part that protects the data
<MikeFair>
which is what you need to actually protect that data
<MikeFair>
There are ways to load balance; like instead of each photo being a channel, the channels could CIDS ending 0x?? (0x00 .. 0xFF)
<markg85>
yes, true
<markg85>
Oke, now that we've gone over IPFS proper.. Lets think outside the box :)
<shoku[m]>
I hear you
<shoku[m]>
You know, the app I’m working on is covering a lot of the problems you’re thinking about
<markg85>
How does IPFS need to change to make this work in IPFS proper?
<shoku[m]>
It’s called Epona
<shoku[m]>
We’re starting with a simple ipfs based article writing tool
<shoku[m]>
To make mini blogs. Like write.as but ipfs based
<postables[m]1>
they've done a lot of the stuff you're talkign about
<shoku[m]>
Then too yeah
<MikeFair>
There's another method I'm thinking about/considering which has to do with "Private Information Retrieval"
<markg85>
I'm all ears!
<MikeFair>
markg85: It's a "perhaps maybe" ; thought; not a proposal
<markg85>
We are in brainstorming mode anyhow :P
<markg85>
The thing i keep thinking is IPFS itself having an option to be a trusted decentralized keyserver where you can request a private key to be stored. Or something along those lines.
<MikeFair>
It all comes back to the same thing; if you want to encrypt data on a public network and keep it secured ; I believe you must have a way to change the secret over time
<MikeFair>
to change the secret over time, means the stored cypherText itself has to change; or at least some significant part of it has to change over time such that the data can't be recovered without the changing piece
<MikeFair>
markg85: That's exactly what I've been working on
<markg85>
Seriously?!
<MikeFair>
markg85: Yes, I need it to solve a simple bank information storage application I've been developing to fund open source software
thomasan_ has quit [Remote host closed the connection]
<MikeFair>
Basically people can't keep a secret
<MikeFair>
no a cryptoSecret anyway
<aschmahmann[m]>
MikeFair: Just want to clarify that this is basically the opposite of CAS. The way you might be able to get this to work is by making users request data from channels by UUID/Public Key.
<MikeFair>
They have to be able to recover their account if they lose their private key
<aschmahmann[m]>
Of course, an enterprising user who likes CAS can just take your data and put it on IPFS and all of a sudden your revocation scheme stops working.
<markg85>
API wise i'd see it as something like: "ipfs decrypt <cid> --public-key <some pub key>"
<MikeFair>
aschmahmann[m]: That's why the data (cypherText) has to keep changing
<MikeFair>
I assume some portion of the process must include sharing a secret with the reader that is not public
<MikeFair>
aschmahmann[m]: But in short, yes, nude photos of celebrities cannot be revoked from the internet
<MikeFair>
(it's the same problem in principle)
<markg85>
MikeFair: when are you going to release that tool? :D
<MikeFair>
Anything that can see the clearText is a risk/point of failure
<MikeFair>
markg85: Which tool? the keep a private key stored in IPFS tool?
<markg85>
yep
<MikeFair>
markg85: Once I think it can actually work; which I currently don't have a solution for; I've just been thinking about what it would take --- effectively you have to eliminate the hard drives
<aschmahmann[m]>
basically, except CAS makes that problem slightly different. Since in the current web people tend to try and block/attack websites based on DNS where as with a CAS system you might ask people to block based on content. However, assuming people aren't all blocking the content it's much easier to find since you can search by hash(content) instead of Google.
<MikeFair>
The way "private information retrieval" works is by turning your data into a polynomial function
<MikeFair>
aschmahmann[m]: Yep
<MikeFair>
aschmahmann[m]: effectively anything retrievable via CAS is effectively clearText
<MikeFair>
In PIR, a server has an ID, which because its position in the X dimension
<aschmahmann[m]>
MikeFair: I wouldn't say that, but rather that encrypted storage on CAS is more explicitly dependent on cryptographic assumptions then classic name based retrieval is. For example, if I encrypt data and upload it to Dropbox and then my encryption key is compromised by a malicious actor I probably should assume my cleartext data is now visible. However, I can ask Dropbox to delete the file and hopefully people won't know
<aschmahmann[m]>
where to find it anymore. However, just ask wikileaks and the aforementioned celebrities how that worked out
GyroW has quit [Read error: Connection reset by peer]
<aschmahmann[m]>
basically with CAS it's obvious that encrypted key => vulnerable data. However, existing systems tend to hide that problem (whether for real or just in people's minds)
spinza has quit [Quit: Coyote finally caught up with me...]
<MikeFair>
aschmahmann[m]: I tend to think we are going to make quantum computers that can make existing asymmetric key encryption moot
<MikeFair>
within the next few decades
<MikeFair>
and probably faster than anyone is willing to accept
<MikeFair>
The problem with cypherText on the public networks like IPFS is the attacker no has infinite time and effectively infinite resources
<markg85>
which means any data we encrypt now will be decryptable once quantum computers become a real thing...
<markg85>
Oh well...
<markg85>
We tried :P
<MikeFair>
So if I encrypt my Social Security Number with a 4096 bit today; 20 years from now, is 4096 bit "safe"?
<MikeFair>
markg85: Not true
<aschmahmann[m]>
that's already true though, government folks have been snooping on encrypted traffic for a while.
<MikeFair>
markg85: You can use Perfect Secrecy approaches
<MikeFair>
aschmahmann[m]: Agreed, I just try and not sound like a conspiracy theorist ;)
<MikeFair>
markg85: In perfect secrecy approaches, any brute force attack will reveal all possible messages that could have been sent
<MikeFair>
so if I send you an encrypted 140 character string; and someone tries to brute force attack it; what they will get is all possible 140 character message I could have sent
<markg85>
yeah... but that imaginary saite i plan on making should have some performance. If it takes 1 hour to load on someone compute it's useless :P
<MikeFair>
This is basically how encrypted data is stored today
<markg85>
site*
<MikeFair>
markg85: It's actually really fast to use; it's a symmetric key algorithm; basically the same as certain AES modes
<aschmahmann[m]>
MikeFair: I guess I'm thinking it's just how it goes. If someone wants to snoop on my traffic they probably can and when we start to suspect that a cipher is going bad I will re-encrypt my data with a new cipher. It's expensive to store all my traffic and wait for the cipher to go bad. Same for CAS as other systems.
<MikeFair>
the problem/challeng is sharing the decryption secret with you in a way that is safe/secure
<MikeFair>
aschmahmann[m]: Right which means you have to have the ability to reasonably keep your old cypherText out of attackers hands
<MikeFair>
aschmahmann[m]: which blockchain and IPFS actively promote preventing you from doing
<aschmahmann[m]>
MikeFair: that's not really correct, they keep the "links" alive but someone still has to host the data. That's the expensive part
<MikeFair>
aschmahmann[m]: If I knew the cyphertext contained sensitive data; it's worth paying for it
<MikeFair>
aschmahmann[m]: It's also exactly what my "use HTTP servers for cheap hosted data storage" is actively addressing
<aschmahmann[m]>
MikeFair: Additionally, if quantum is your concern then use direct connections to distribute your keys since symmetric ciphers aren't really subject to quantum attacks (more than sqrt[n]).
<MikeFair>
aschmahmann[m]: Right, which is another way of saying "can't/don't" use blockchains/ipfs for that comunication
<MikeFair>
aschmahmann[m]: I think you can use encrypted PubSub because data being sent over those channels can "keep up" with the times
<aschmahmann[m]>
MikeFair: sure, although HTTP, etc. don't help either
<MikeFair>
aschmahmann[m]: it helps for the storage price problem
<MikeFair>
Most of the really useful encrypted data doesn't take a whole lot of storage
<shoku[m]>
Postables, lidel, if you could please make me an op here as discussed earlier that’d be cool
<MikeFair>
Though my personal bet is that over time, this stuff will kind of work itself out
<markg85>
I'm sorry, i have to go now
<MikeFair>
My honest solution is to make the identities used over the network more ephemeral than they are now
<markg85>
Thanks for the very interesting conversation :D
<markg85>
To be continued!
<MikeFair>
So you use my fixed address to look up my current active address
mischat has joined #ipfs
<MikeFair>
and my current active address changes over time to deal with the secrecy protection stuff and my old addresses simply stop being usable