Existing problems and the future of SIA



  • Does working as intended include 41k SC out of my wallet in a single TX for a 250MB upload when I have a 7.5K SC allocation/allowance set?

    I am a noob, true, but I have a decade of software testing experience and this does not seem good enough for even an Alpha build to me.



  • @bugger

    Torrents do use encrypted IPs. They use encrypted data in the packets.

    You do realize your home router doesn't understand "encrypted IPs."

    You need to work within the confines of the network structure of the actual internet. All information sent and received uses the IP stack. (See the OSI model)

    Besides, as Sia is open source, there's nothing stopping someone from making a modification to expose the IPs of hosts. Or even just using wireshark on the network adapter to see them.

    The whole point of decentralization/p2p (peer to peer) is to send the data DIRECTLY to the other peer. Of which, you need their actual Internet accessible IP.


    I've pointed out how easy a simple DoS attack against people hosting at home was before. Damn near a year ago. It was met with the response that the hosts need to be responsible for taking precautions against attacks.

    --
    SiaMining.com -- Your PPS Sia Pool.
    I'm not affiliated or work on the Sia/Nebulous team.



  • @DcyMatrix @reinisp good thoughts.. go on..

    @desgrippes I wouldn't go that far.. but there sure are a few issues that must be resolved.

    @xurious centralized networks like OVH have pretty good DDoS mitigation, however home users have no protection. Even with the maximum protection (iptables, tarpit etc..) they are limited by their speed. The P2P network includes simple users, renters, hosts, nodes so you don't know who is who. The point is to protect hosts and their uptime to prevent damage. As for the encrypted IPs once again, the router is not the one doing this job. The software is and more specifically the Sia software.

    Simple example: My IP: 111.111.111 -> Sia encryption algorithm: +1 -> blockchain sends to your sia software my encrypted IP: 111.111.112 -> your Sia software uses the same algorithm (-1) to decrypt my IP: 111.111.111 -> your router uses my REAL IP. That doesn't mean that my IP is not visible to the network or to you via wireshark or w/e, it's just that a middle man searching specifically for hosts will get my encrypted IP while not knowing the enc/dec algorithm. If the middle man searches for all IPs he can get my IP, but he won't know that I'm a host.

    As for the modification part, it's up to the dev team to protect the integrity of the code.



  • @bugger said in Existing problems and the future of SIA:

    @xurious centralized networks like OVH have pretty good DDoS mitigation, however home users have no protection. Even with the maximum protection (iptables, tarpit etc..) they are limited by their speed.

    I'm well aware of DoS mitigation techniques and the overall limitation of the WAN throughput is by far the most limiting factor in most scenarios. It's especially the limitation of most home users.

    Again, as I previously noted: This responsibility falls on the host. Not the renter or the software. Sia is not supposed to be a consumer grade product. It's designed to be the back end for storage that consumer and enterprise applications use.

    The P2P network includes simple users, renters, hosts, nodes so you don't know who is who. The point is to protect hosts and their uptime to prevent damage.

    Again, I pointed out this attack and it was met with "Responsibility falls upon the Host."

    As for the encrypted IPs once again, the router is not the one doing this job. The software is and more specifically the Sia software.
    Simple example: My IP: 111.111.111 -> Sia encryption algorithm: +1 -> blockchain sends to your sia software my encrypted IP: 111.111.112 -> your Sia software uses the same algorithm (-1) to decrypt my IP: 111.111.111 -> your router uses my REAL IP.

    How do hosts propagate their real IP to be used? They encrypt them, then add it to the blockchain? Ok, so a few minutes of someone's time to go through the blockchain and decrypt all the IPs. We are back at square one, with no benefit added other than burning extra CPU cycles.

    That doesn't mean that my IP is not visible to the network or to you via wireshark or w/e, it's just that a middle man searching specifically for hosts will get my encrypted IP while not knowing the enc/dec algorithm.

    Ok. So if the middle man doesn't know the encryption scheme, how will you (as the client)?

    If the middle man searches for all IPs he can get my IP, but he won't know that I'm a host.

    Sure a middle man can. They check to see if port 9981/2 is open (as well as the other ports.) Sending data to each one to see which responds. Presto... it's easy to see if you are a host.

    Besides, to make it even easier: Spend a few bucks to form contracts and your client will be forced to know what the Host IPs are in order to form the contract. You don't even need a middleman.

    As for the modification part, it's up to the dev team to protect the integrity of the code.

    No. There is no trust necessary for this. The code is open source so that anyone is able to view, modify and improve upon it. It also hinders malicious code being added. This also means that anyone is able to modify the software for their end use.

    @reinisp Plus with your attack, they don't even need to up the price. Just dump the data to /dev/null while keeping the price low.



  • @xurious
    You said

    • "Sia is not supposed to be a consumer grade product. It's designed to be the back end for storage that consumer and enterprise applications use."

    If that is the case, perhaps they should not falsify or erroneously compare themselves to Amazon and Dropbox to the public, as this creates confusion of expectation level from investor down to renter/host.

    Unofficial User / Tester / Analyst of Sia ( w/Renter and Host experience)



  • SiaHub even displays the IPs of the hosts!

    Folks, as many have said, IPs are public in the network for services like Sia.

    However, and I'm surprised this has not come up, there's always the option to use Tor to obfuscate your IP. Sia does not support Tor, not sure if it's on the roadmap. Other distributed crypto storage projects however are very much looking into this. Check those out if IP privacy is a concern!



  • @moorsc0de

    Amazon S3 is an enterprise grade product. There will be a Sia based Dropbox clone in the future (nextcloud + sia plugin is a start.)

    Yes, there is confusion. That confusion revolves around people jumping in feet first instead of reading the technology, asking questions and critically thinking about its application. Instead people just go "oh, I can enable hosting? Great." Then they complain about losing SC because they have no idea how the tech works.



  • @maol said in Existing problems and the future of SIA:

    SiaHub even displays the IPs of the hosts!

    Folks, as many have said, IPs are public in the network for services like Sia.

    However, and I'm surprised this has not come up, there's always the option to use Tor to obfuscate your IP. Sia does not support Tor, not sure if it's on the roadmap. Other distributed crypto storage projects however are very much looking into this. Check those out if IP privacy is a concern!

    Sia doesn't need to support Tor. Nothing is stopping you from running Tor and then using Sia on top of it.



  • @xurious said in Existing problems and the future of SIA:

    Sia doesn't need to support Tor. Nothing is stopping you from running Tor and then using Sia on top of it.

    Really, would that work for hosting and renting in the normal Sia network? And would it be secure, i.e. not accidentally leak your IP?



  • @xurious
    "Instead people just go "oh, i can enable hosting? Great." Then they complain about losing SC because they have no idea how the tech works."

    And your stance is Sia doesn't have a responsibility in explaining the technology they created? We all know they have failed in that department.
    Interesting comment

    Esp since Sia has ancillary products like MINEBOX and ASIC Miners coming out.



  • @maol TOR is not what it seems to be, plus the speed will be limited

    @xurious Don't worry about the technical side, anything can be done with code and SIA's own blockchain. It may not be a hack-proof solution, but still better than siahub. If a dev would join this discussion this talk would be over by now. The fact that we have no official statement for hosts' security alone is problematic. I assure you, if things stay as they are, one day, suddenly the lights will go off. Mark my words.



  • @bugger said in Existing problems and the future of SIA:

    @maol TOR is not what it seems to be, plus the speed will be limited

    You can't always have both security and convenience. @xurious pointed out above that the proposed solution doesn't add any security. The only reasonable way to hide IP addresses in peer to peer technologies is through Tor, or similar protocols. Everything else is trying to implement security through obscurity (which can easily be circumvented) at best, or snake oil at worst.

    anything can be done with code and SIA's own blockchain. It may not be a hack-proof solution, but still better than siahub. If a dev would join this discussion this talk would be over by now.

    It's been said before, and I think people pointed it out above, that hiding people's IPs is not on the roadmap for the devs, and that this is a conscious decision. Accept it and move on - I was trying to help you move on by pointing out existing alternatives that may be better suited for your understanding of what makes a secure file sharing solution.

    The fact that we have no official statement for hosts' security alone is problematic.

    I don't want the devs to come to every thread of a new joiner who misunderstands the purpose of Sia, and answer the same questions again and again. They should be coding instead, and focus on the relevant discussions.

    I assure you, if things stay as they are, one day, suddenly the lights will go off. Mark my words.

    I wanted to say something witty, but I'm too tired of this, so let me just point to Dr. Doom instead.



  • @bugger from discussions I have had, many just aren't saying anything.. but the lights been off.



  • @maol stop twisting my words. I never talked about hiding IPs of SIA users. I talk about basic encryption of the hosts' IP. Even if you have TOR IP you can get DDoSed, but you can't DDoS an encrypted IP. If you have basic knowledge of coding and encryption this is child's play. Considering that devs shouldn't get feedback and try to resolve community issues then they may as well delete this forum.

    @moorsc0de At the end those who will survive are data centers. Now that I think of it again it's not a bad idea. Better to have your files on data centers than on home users' HDD.



  • @bugger said in Existing problems and the future of SIA:

    @maol stop twisting my words. I never talked about hiding IPs of SIA users. I talk about basic encryption of the hosts' IP. Even if you have TOR IP you can get DDoSed, but you can't DDoS an encrypted IP. If you have basic knowledge of coding and encryption this is child's play. Considering that devs shouldn't get feedback and try to resolve community issues then they may as well delete this forum.

    Sorry I wasn't very precise in my answer - I also meant the hosters' IP. Agree that encrypting hosters' IP addresses is trivial. However - and let's try again to look at this as a technology problem:

    What I fail to understand in that situation is how that's going to be implemented in a way that renters can unencrypt hoster IPs, but somebody else (such as a hacker, script kiddy or just SiaHub/SiaPulse) can't? This is based on the assumption that renters need to be able to speak to the hosters' IP to upload or download files.

    Separately, since this is a blockchain based solution, all parties sending funds (SC, SF) will be known with their IPs. This includes transactions typically done by hosters (collateral) and renters (file contracts). I'm a bit out of my depth as to the specifics of the Sia protocol, but I'd think this is another way to identify hosters that can't be avoided.
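
The question raised in the post above, worked through as an added example that is not part of the thread and is not Sia code: if every renter's client must be able to decode a host announcement, the decoding secret ships with the client, so a third party running the same client decodes it too. The scheme, `NETWORK_SECRET`, the toy keystream and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Assumption: a constant every copy of the open-source client must carry,
# because any renter has to be able to decode any host announcement.
NETWORK_SECRET = b"constant-shipped-in-every-client"


def _keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream (illustration, not a vetted cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(secret, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def obfuscate(addr: str, nonce: bytes, secret: bytes = NETWORK_SECRET) -> bytes:
    """What a host would publish instead of its plain address."""
    raw = ipaddress.ip_address(addr).packed
    return bytes(a ^ b for a, b in zip(raw, _keystream(secret, nonce, len(raw))))


def deobfuscate(blob: bytes, nonce: bytes, secret: bytes = NETWORK_SECRET) -> str:
    """What the client runs before connecting; identical for every user."""
    raw = bytes(a ^ b for a, b in zip(blob, _keystream(secret, nonce, len(blob))))
    return str(ipaddress.ip_address(raw))


def decode_all(announcements, secret: bytes = NETWORK_SECRET) -> list:
    """Decode a list of (nonce, blob) announcements with the given secret."""
    return [deobfuscate(blob, nonce, secret) for nonce, blob in announcements]


# Constructed sample data: documentation-range addresses, not real hosts.
HOSTS = ["192.0.2.10", "198.51.100.7", "2001:db8::5"]
NONCES = [i.to_bytes(8, "big") for i in range(len(HOSTS))]
ANNOUNCEMENTS = [(n, obfuscate(h, n)) for n, h in zip(NONCES, HOSTS)]

if __name__ == "__main__":
    # A renter and a third party who merely downloaded the client run the same code.
    print("renter sees:     ", decode_all(ANNOUNCEMENTS))
    print("third party sees:", decode_all(ANNOUNCEMENTS))
    # Only someone without the shipped constant is kept out, and nobody is in that set.
    print("wrong secret:    ", decode_all(ANNOUNCEMENTS, b"not-the-constant"))
```
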



  • New here, so here it goes.

    Hiding IPs for the sole purpose of not being able to generate a list of IPs for DDoS or MDoS seems reasonable. However, since SIA is decentralized, it is not possible to hide IPs. For example, if I'm downloading a file from a node hosting a file, all I need to do is "netstat -an" and I will get a list of all IPs my computer is connected to. Not hard to find out which one is the SIA node from that point.

    As long as there is no list that can be generated of all hosts, it is reasonably safe.


