Existing problems and the future of SIA



  • @intheclouds someone here: https://dm.reddit.com/r/siacoin/comments/6mcatn/existing_problems_and_the_future_of_sia/

    said

    The more contracts are concluded by host ==> the more data that is written: Each second few files (related to the concluded contracts) are rewritten, and their sizes are proportional to number of already signed contracts and amount of reversed space on disk.

    So for a good active node with bunch of contracts it can be not just 10Gb/day but hundreds gigabytes per day of useless/redundant data writing

    so as a host

    and another

    Yes, other programs write to disk. None of mine write more than a GB per day, so they're negligible for this discussion.

    At a link above, someone measured about 10GB a day with active contracts. Do you have a source or a measurement suggesting that it's 10x that?

    At 100GB a day, my SSD life is limited to around 7 years. Again, that's over what I consider to be the useful life of a drive, so it doesn't bother me.

    Absolutely this is a big bug that must be fixed -- I'm not arguing that it's inconsequential! But it's not killing my drive to the point that I feel I should shut it down until they roll out a fix whenever they get around to this particular issue in their endlessly expanding to do list.

    They are aware of the bug and will fix it. We have no ETA at this point.



  • This post is deleted!


  • @flibben It's a false sense of security in my opinion, if I have a renter with some secret algo that encrypts the IPs it contacts, it still needs to make the actual connection. Where to upload the data? You can just observe the outgoing traffic and see the IPs connected to. If you go through a gateway of any kind, that becomes a point of failure as well. But instead of having DDOS'ed 1 server, you take down the gateway, it might be 100's of servers impacted instead of just one. Keeping it as decentralized as possible is the best way to keep the data and the network up. Creating single points of targets for DDOS is sure to bring it all to a halt.
    There is also no one that says you're not allowed to setup a VPN or reverse proxy as a hoster to hide your true IP.
    It is very early days of Sia, so maybe a solution will be found, I could think of IPv6 might hold the answer.



  • @DcyMatrix Why did you delete your first post? As for the encrypted IPs the only thing that changes is the format of the IP. Instead of 123.456.789 (IPv4) or :7a07:1234:556c:777:f363:8899:tre7:9q21 (IPv6) you'll see something like ABC123deF456gHIk789LmN. That's all. No gateway or any centralized middle-man server. That doesn't mean that your IP won't be able to make connections with hosts' IPs. The software is able to convert the encrypted IP back to normal with its algorithm.

    Now, when you upload files, your files are spread across 30 hosts. So if you scan the connections you'll get 30 IPs.



  • @bugger Deleted my first post because I wanted to reply to flibben not you, so my post appeared to reply to you, but only flibben was the one I mentioned in the post itself :P

    But I still stand by my remark, I think it's a false sense of security. I don't see anything stopping anyone from simply scanning all the IPv4 space for Sia hosts. So again, you think you're 'hidden' when you're really not hidden at all. Hence the false sense of security.



  • @bugger @reinisp With encrypted IPs an attacker would have to actually form contracts and buy storage to find the IP of the specific host he is using. This is incredibly time consuming, requires a lot of money and you don't know which host you'll end up using since you can't select. It may not even be possible to find 50% of IPs this way.

    --- This is actually something I could see implemented via the blockchain, if a renter announce on the blockchain it wants to form contracts, then the Sia hosters reading the chain all the time, will be able to 'bid on the contract' and then even encrypt the answer to the renter only. Sounds like a great idea :-) But still would make your hosts vulnerable to an IPv4 scan of the internet for Sia hosts. Unless the host's reply to the renter would include a 'port knock' to signal the host it's a real renter contacting you :D



  • @DcyMatrix
    I still can't imagine how (without centralization) could a node with the intention to rent some storage get the IP needed for contacting host regarding the offered contract details. Even if it is encoded into the blockchain itself, the blockchain is publicly available and every node is able to decrypt the contents. The attacker just needs to run the node and let it sync the blockchain...

    if a renter announce on the blockchain it wants to form contracts, then the Sia hosters reading the chain all the time, will be able to 'bid on the contract'

    That would turn the renter into the target for DDoSing...



  • @DcyMatrix @reinisp anything is better than this: https://siahub.info/ really. The current situation is like "I let my house door open, because even if I lock it, it is still possible to bypass it. Oh and by the way, here's where I live: https://siahub.info/. "



  • @reinisp There are other ideas emerging as we speak to deliver these types of services.... stay tuned

    Unofficial User / Tester / Analyst of Sia ( w/Renter and Host experience)



  • @reinisp Public / Private key encryption, the information is Encrypted using the public key of the recipient. Then only the private key will be able to unlock it.
    It's the same thing that keeps all cryptocurrencies safe. If the information is on the blockchain, you will not be able to see who the recipient is, since everyone will have the same data (blockchain). Only the recipient (wallet owner) in this case the renter will be able to get anything meaningful out of the data since he/she holds the private key necessary to decrypt the information, in this case the information would be the IP & a 'port knock' code. To tell the renter the correct sequence of ports to send a syn package to, used to announce to the host it's a contract holder asking to upload or download data.

    All cryptocurrencies are built using the Public / Private key method. The 'private key' is just your wallet, the public key would be a receiving address of the crypto.

    DcyMatrix: "if a renter announce on the blockchain it wants to form contracts, then the Sia hosters reading the chain all the time, will be able to 'bid on the contract'"

    reinisp: "That would turn the renter into the target for DDoSing..."

    All the information the renter would have to put on the blockchain would be the intent to rent, if a host picks up the contract, the host (and everybody else) does not know anything about the renter except the public key used to encrypt a reply to the renter. So the rest of the peers on the chain can not see anything meaningful about either the renter or the hoster.

    This is all just brainstorming on my behalf, but someone please do correct me if I am wrong in any of this :D
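
The sealed-reply idea from the post above, as an added example that is not part of the original post and is not Sia code. It assumes RSA-OAEP as the public-key scheme; the names `Intent`, `Reply`, `NewKey`, `SealReply` and `ReadReplies` are hypothetical, and the address and knock sequence are constructed sample values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Intent is what the renter publishes: an ID and a public key, no address.
type Intent struct {
	ID  string
	Pub *rsa.PublicKey
}

// Reply is what a host publishes: contact details sealed to the renter's key.
type Reply struct {
	IntentID string
	Sealed   []byte
}

// NewKey makes an RSA-2048 key pair (hypothetical stand-in for a wallet key).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// SealReply encrypts contact with RSA-OAEP; the intent ID is the OAEP label,
// so a reply copied under a different intent fails to decrypt.
func SealReply(in Intent, contact string) (Reply, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, in.Pub, []byte(contact), []byte(in.ID))
	return Reply{in.ID, ct}, err
}

// ReadReplies returns every reply on the public chain that this key can open.
func ReadReplies(priv *rsa.PrivateKey, intentID string, chain []Reply) []string {
	var out []string
	for _, r := range chain {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, r.Sealed, []byte(intentID))
		if r.IntentID == intentID && err == nil {
			out = append(out, string(pt))
		}
	}
	return out
}

func main() {
	renter, observer := NewKey(), NewKey()
	in := Intent{"intent-1", &renter.PublicKey}
	r, _ := SealReply(in, "203.0.113.7:9982 knock=7000,8000,9000") // constructed sample
	fmt.Println(ReadReplies(renter, in.ID, []Reply{r}), ReadReplies(observer, in.ID, []Reply{r}))
}
```

The sealing only keeps the reply from parties who read the chain without holding the renter's key; whoever published the intent still learns the host's contact details.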



  • @DcyMatrix
    I do not get it...
    a renter puts intention into the blockchain. Somehow, without knowing where other nodes are (their IP addresses). Let it be so.
    Hosts receive the blockchain and see there is a renter wanting something. What should a host do to contact the renter of whom the address is not known? How to send a proposal to the renter so the renter can decide which hosts offer acceptable conditions? You only get the best offers if you receive them from all, so all hosts need to know how to contact the new and unknown renter...
    And the new renter does not know where there is a host, because host addresses are "hidden". Who will tell the renter the password to decipher the hosts addresses?
    Just try to write down a step by step procedure, how the network would prevent an attacker to use the official (opensource) client to get the addresses of all hosts.

    1. hosts have their copy of blockchain.
    2. renter installs the client and downloads blockchain. Let's assume it happens by magic (not knowing from where the client should download the blockchain).
      What next?
    3. Renter puts an announcement together with an ID (something for encryption) into the blockchain. Again, somehow by magic, broadcasting, without knowing the nearest mining node.
    4. Host (every host on the network) notices the renting intention, and puts his proposal with unique ID into the blockchain, marked with the ID of renters announce?
    5. Every renter who has put an intention announce looks for proposals and discards without looking into all with "wrong ID"? After reading all proposals puts intention to contact host (or own IP so the host can contact) together with the proposals ID?
      ...
      The keys could technically be exchanged over the blockchain as a medium. But remember, there are 10 minutes between the blocks. So how long would the contract creation last? And how would that blow the blockchain up? if there were thousands of hosts and even more renters?
      I think the possible gains are not worth the drawbacks.
      There is another type of possible attack which would even profit from this- use a network of, say 40-50 rogue hosts, getting a lot of contracts by offering very low prices and after getting some data uploaded to them, change the price sharply initiating a massive renegotiation round...


  • Does working as intended include 41k SC out of my wallet in a single TX for a 250MB upload when I have a 7.5K SC allocation/allowance set?

    I am a noob, true, but I have a decade of software testing experience and this does not seem good enough for even an Alpha build to me.



  • @bugger

    Torrents do use encrypted IP's. They use encrypted data in the packets.

    You do realize your home router doesn't understand "encrypted IPs."

    You need to work within the confines of the network structure of the actual internet. All information sent and received uses the IP stack. (See the OSI model)

    Besides, as Sia is open source, there's nothing stopping someone from making a modification to expose the IP's of hosts. Or even just using wireshark on the network adapter to see them.

    The whole point of decentralization/p2p (peer to peer) is to send the data DIRECTLY to the other peer. Of which, you need their actual Internet accessible IP.


    I've pointed out how easy a simple DoS attack against people hosting at home was before. Damn near a year ago. It was met with the response that the hosts need to be responsible for taking precautions against attacks.

    --
    SiaMining.com -- Your PPS Sia Pool.
    I'm not affiliated or work on the Sia/Nebulous team.



  • @DcyMatrix @reinisp good thoughts.. go on..

    @desgrippes I wouldn't go that far.. but there sure are a few issues that must be resolved.

    @xurious centralized networks like OVH have pretty good DDoS mitigation, however home users have no protection. Even with the maximum protection (iptables, tarpit etc..) they are limited by their speed. The P2P network includes simple users, renters, hosts, nodes so you don't know who is who. The point is to protect hosts and their uptime to prevent damage. As for the encrypted IPs once again, the router is not the one doing this job. The software is and more specifically the Sia software.

    Simple example: My IP: 111.111.111 -> Sia encryption algorithm: +1 -> blockchain sends to your sia software my encrypted IP: 111.111.112 -> your Sia software uses the same algorithm (-1) to decrypt my IP: 111.111.111 -> your router uses my REAL IP. That doesn't mean that my IP is not visible to the network or to you via wireshark or w/e, it's just that a middle man searching specifically for hosts will get my encrypted IP while not knowing the enc/dec algorithm. If the middle man searches for all IPs he can get my IP, but he won't know that I'm a host.

    As for the modification part, it's up to the dev team to protect the integrity of the code.



  • @bugger said in Existing problems and the future of SIA:

    @xurious centralized networks like OVH have pretty good DDoS mitigation, however home users have no protection. Even with the maximum protection (iptables, tarpit etc..) they are limited by their speed.

    I'm well aware of DoS mitigation techniques and the overall limitation of the WAN throughput is by far the most limiting factor in most scenarios. It's especially the limitation of most home users.

    Again, as I previously noted: This responsibility falls on the host. Not the renter or the software. Sia is not supposed to be a consumer grade product. It's designed to be the back end for storage that consumer and enterprise applications use.

    The P2P network includes simple users, renters, hosts, nodes so you don't know who is who. The point is to protect hosts and their uptime to prevent damage.

    Again, I pointed out this attack and it was met with "Responsibility falls upon the Host."

    As for the encrypted IPs once again, the router is not the one doing this job. The software is and more specifically the Sia software.
    Simple example: My IP: 111.111.111 -> Sia encryption algorithm: +1 -> blockchain sends to your sia software my encrypted IP: 111.111.112 -> your Sia software uses the same algorithm (-1) to decrypt my IP: 111.111.111 -> your router uses my REAL IP.

    How do hosts propagate their real IP to be used? They encrypt them, then add it to the blockchain? Ok, so a few minutes of someone's time to go through the blockchain and decrypt all the IPs. We are back at square one, with no benefit added other than burning extra CPU cycles.

    That doesn't mean that my IP is not visible to the network or to you via wireshark or w/e, it's just that a middle man searching specifically for hosts will get my encrypted IP while not knowing the enc/dec algorithm.

    Ok. So if the middle man doesn't know the encryption scheme, how will you (as the client?)

    If the middle man searches for all IPs he can get my IP, but he won't know that I'm a host.

    Sure a middle man can. They check to see if port 9981/2 is open (as well as the other ports.) Sending data to each one to see which responds. Presto... it's easy to see if you are a host.

    Besides, to make it even easier: Spend a few bucks to form contracts and your client will be forced to know what the Host IPs are in order to form the contract. You don't even need a middleman.

    As for the modification part, it's up to the dev team to protect the integrity of the code.

    No. There is no trust necessary for this. The code is open source so that anyone is able to view, modify and improve upon it. It also hinders malicious code being added. This also means that anyone is able to modify the software for their end use.

    @reinisp Plus with your attack, they don't even need to up the price. Just dump the data to /dev/null while keeping the price low.

    --
    SiaMining.com -- Your PPS Sia Pool.
    I'm not affiliated or work on the Sia/Nebulous team.



  • @xurious
    You said

    • "Sia is not supposed to be a consumer grade product. It's designed to be the back end for storage that consumer and enterprise applications use."

    IF that is case perhaps they should not falsify or erroneously compare themselves to Amazon and Dropbox to the public- as this creates confusion of expectation level from investor down to renter/ host.

    Unofficial User / Tester / Analyst of Sia ( w/Renter and Host experience)



  • SiaHub even displays the IPs of the hosts!

    Folks, as many have said, IPs are public in the network for services like Sia.

    However, and I'm surprised this has not come up, there's always the option to use Tor to obfuscate your IP. Sia does not support Tor, not sure if it's on the roadmap. Other distributed crypto storage projects however are very much looking into this. Check those out if IP privacy is a concern!



  • @moorsc0de

    Amazon s3 is an enterprise grade product. There will be a sia based dropbox clone in the future (nextcloud + sia plugin is a start.)

    Yes, there is confusion. That confusion revolves around people jumping in feet first instead of reading the technology, asking questions and critically thinking about its application. Instead people just go "oh, I can enable hosting? Great." Then they complain about losing SC because they have no idea how the tech works.

    --
    SiaMining.com -- Your PPS Sia Pool.
    I'm not affiliated or work on the Sia/Nebulous team.



  • @maol said in Existing problems and the future of SIA:

    SiaHub even displays the IPs of the hosts!

    Folks, as many have said, IPs are public in the network for services like Sia.

    However, and I'm surprised this has not come up, there's always the option to use Tor to obfuscate your IP. Sia does not support Tor, not sure if it's on the roadmap. Other distributed crypto storage projects however are very much looking into this. Check those out if IP privacy is a concern!

    Sia doesn't need to support tor. Nothing is stopping you from running Tor and then using Sia on top of it.

    --
    SiaMining.com -- Your PPS Sia Pool.
    I'm not affiliated or work on the Sia/Nebulous team.



  • @xurious said in Existing problems and the future of SIA:

    Sia doesn't need to support tor. Nothing is stopping you from running Tor and then using Sia on top of it.

    Really, would that work for hosting and renting in the normal Sia network? And would it be secure, i.e. not accidentally leak your IP?

