git ssb


Dominic / scuttlebot



%X8x24yrm8XGuuiPJpoHPPbFLjM8sPaHYWF2ocZfqMMI=.sha256
Open · arj opened this issue on 11/8/2016, 3:16:36 AM

While adding tor support I noticed that my pub would accept and start replicating with non-tor servers. While this is fine in some cases, in others this could be really bad. I was thinking of a way to implement this so that it can be configured. I see that ferment can be made to run its own app server that has special rules for replication. I'm not sure if this should be part of a replicate rewrite that Dominic has been talking about or not.

%rwCAREUObFkk3GCRe3u/sQeSM2au0J9sEtRmeADSjoM=.sha256 Dominic · 11/8/2016, 3:38:08 AM

one way, would be to make the tor multiserver connection also intercept the other protocols (net, at least, and just reject websockets?) I think that would work

%kiFtz+yOhbZq9XoRA0rG1GRSeSYaBNVdTDvF+5MkrHI=.sha256 arj · 11/8/2016, 4:11:58 AM

That would be one way. Would you accept such a patch?

I was just thinking of something more general, but thinking more about it I think we are over in the whole group concept thing. We should be careful with a false sense of security.

%67Tjyx2dYdLqUtEVvawdJoITscJt4d1DHsJjv1WMI2w=.sha256 Dominic · 11/8/2016, 4:19:53 AM

@arj sure, it should be a config option.

can you elaborate on "we are over in the whole group concept thing. We should be careful with a false sense of security."?

%KarVFyWxrHE/hJ5lqQAxRVRmLx2NCSDlnw+JVV9DlIw=.sha256 arj · 11/8/2016, 5:00:24 AM

Cool! I'll work on that.

What I mean is in a gossiping network you shouldn't let replication settings decide who can see what. It's very easy to fuck up. You need stronger guarantees such as encrypted messages. You know, starting up a network and having all nodes running with this tor only setting, but then someone forgets to set the flag and all of a sudden the messages are everywhere :toilet:

%ClwwAt9KFwwjEQtaB8FSRO7bVXTZ1NvAMm/wu3SnVK8=.sha256 Dominic · 11/8/2016, 6:15:29 AM

Yes, absolutely! This would just be a feature to allow tor users to maintain the anonymity that tor provides.

%3P2H9pz070rr54gzn7dxyf5gwX1NIBTT+5PxXyYdOC8=.sha256 lex · 11/8/2016, 4:42:00 PM

@Dominic @arj Yes, it is not a matter of "closed user groups". I may only want to communicate with other network users over fc00 or tor (or even just specific network interfaces on a multi-homed system) for my own safety/security/sanity. Such options should be available.

%f7Q/HxIYUm0ONgkJSDh6cpn+aICMFWPVnlXzuYMCz68=.sha256 ansuz · 11/8/2016, 5:10:02 PM

I've been meaning to dig into the gossip side of things more. I'm interested in having an --offline flag for times when I want to interact with my feed, but not have it propagate (using a flimsy data plan).

%I7ZcozLjKBnfB8CfVzYbWcu0JKn6oZQTzZJ3qJ0oHwk=.sha256 ansuz · 11/25/2016, 4:44:29 AM

@Dominic I finally got around to this.

I pushed a branch (offline-mode) to scuttlebot (via git-ssb). It was a super easy fix.

%H2wGRNwz9n+8JcSrDEBaZcOFCpEHq1skQjr4kYOavSc=.sha256 Dominic · 11/25/2016, 5:12:49 AM

@ansuz can you make a pr?

%PZrz4k8OGZzmdSEsrvScBFhLpnFZo8L5PWc36qXiFdw=.sha256 ansuz · 11/25/2016, 5:23:27 AM

I was about to, but I wasn't sure which branch to compare against.

%uNvyoLbW8OlHBq55cP7C/6ZCTItivvGxFLXJBz4ymvA=.sha256 Dominic · 11/25/2016, 5:30:55 AM

master

%ycUaUCPnn1iEsEbeJgcwYjYEhvEQCmlFDJsXg8bV8mg=.sha256 ansuz · 11/25/2016, 5:39:13 AM

one thing is that there's still a TODO translate. I'm not sure what the policy is regarding translation of commandline stuff.

%dfKxQoxjutyHOrL62AEInQQMKhxlNHIC8q1QMToUMK4=.sha256 arj · 12/9/2016, 3:53:14 PM

Couldn't find secret-stack on git-ssb so had to use GitHub: https://github.com/ssbc/secret-stack/pull/12. Anyway, it was really easy after all. Only problem is telling people that it exists :)

