With the post I started the other day, “Is the SAFE Network Safe?”, and now this one, I hope people don’t think I’m just here to cause trouble. Believe it or not, I’m actually one of the most easy-going guys around! Also, don’t worry, I’m not going to be the guy who’s constantly trying to challenge you.
As I mentioned in my last post, I’ve been following MaidSafe’s progress for a number of years now and find the technology very exciting (but admit I don’t know the details as intimately as I maybe should). If it can work, and also does no harm (I worry it may facilitate harm, but will keep this post free of that), it will be fantastic, but I recognise that the task is a mammoth one. The technology will no doubt improve over the years; however, certain core principles will have to be “set in stone” from the start, as it seems backtracking may not be an option in certain areas.
I know very well that it’s much easier to ask “awkward” questions than it is to create things! However, if the SAFE Network (or another like it) becomes as ubiquitous as you all no doubt want it to be, then my life, the life of my children, their children, … could be affected. So the network is very important, and it’s only right that questions that may not be popular are asked at the outset.
I’m sure you can understand that it’s hard to sift through all the information that’s available, so I apologise if the answers to my queries are available elsewhere.
→ How is the licensing model enforced? How do you track who is and isn’t paying the 1% fee and then make sure those that aren’t paying up can’t use the network? I’m guessing that safecoin factors in here somewhere? Maybe all/certain safecoin transactions attract a fee that goes straight to MaidSafe? What happens if a service on the network doesn’t ask its customers to pay with safecoin but gains revenue by other means? Can a service that uses the network be deliberately starved of safecoin? If you can halt a service for not paying the fee then what’s to stop you stopping a service for some other reason?
→ How are nodes within the network kept updated? Suppose I found a way to exploit the network in some way (created a worm, found a potential buffer overflow, etc.); how do you then ensure that all nodes are patched quickly? I’m guessing you use an auto-update mechanism so that node owners don’t have to worry about this. However, can you guarantee that there won’t be a problem with the auto-update process and that some nodes couldn’t remain unpatched indefinitely, potentially putting the entire network at risk?
→ I assume I can determine the IP addresses of other nodes on the network that I connect to (even if I just fire up Wireshark)? I’m not too up to speed on your NAT traversal techniques, but could I use your own open source code against the network? I’ll know which sockets the other nodes are listening on; I can scour your client node code for weak points (like opportunities for buffer overflow exploits), figure out how NAT traversal works and then launch an attack on the nodes I know about.
→ How do users authenticate themselves on the network, and can developers of services on the network mess this up, say by caching credentials? Could I potentially find files on a node and then transfer them across to mine and masquerade as them? This is of course possible on the Internet; however, I don’t have a single Internet identity, so if someone discovers my Gmail credentials that doesn’t mean they can access my Dropbox account…unless I’m mistaken, I’d share my SAFE account across services (but have the option to have multiple identities if I wish – but I guess most people wouldn’t do this).
→ I understand that the network uses techniques like Dropbox’s, etc., so that it doesn’t need to store too many copies of the same data…there’s no point in storing 1m copies of the same MP3. However, how well does it cope with capacity reductions? I’ll give two examples of what I mean:
- I have a 1 PB drive and offer it up to the network. I fill the entire drive, meaning potentially 1 PB of my unique data is within the network. Now my drive breaks down and I can’t afford to replace it; I’m back to a 1/2 TB drive. Can I still access the PB worth of data that I stored on the network previously, since I’m no longer offering this much in return? If I can, then does this mean there’s scope for abuse? If I can’t, then is that fair?
- I am a large corporation and am offering a crazy amount of storage to the network, and I also use my entire quota within the network. At some point I leave the network, taking my disks with me. I believe that my data remains on the network, and also that I’ve just reduced the overall capacity significantly. A similar thing could happen if a new distributed network became available and people migrated en masse from SAFE to this other one…think Facebook poaching everyone from the previous generation of social networking services. Could the people that still use the network end up losing data?
→ How does the bootstrapping process work? When I first create a node, how do I get onto the network without knowing where to look? I guess after the initial install and bootstrap you could store a cache of the nodes you’ve seen in the past and then use whichever are available for bootstrapping subsequently, but I’m not sure how you would achieve it after the initial install. I suppose you could dynamically allocate a set of current good node IP addresses during the installation process (assuming install happens at the same time as downloading the installer), but you very likely do something else…I’d be interested to hear.
I’m sure I could spend all day thinking up questions; the licensing model was the one I really wanted to ask about, but I figured, why not throw in a couple extra…I’ll leave you in peace now and try not to become a nuisance!
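The deduplication and capacity-reduction questions above (one copy of the same MP3 for a million uploaders; what happens when a contributor walks off with their disks) can be made concrete with a toy model. The following is an added illustration written for this thread, not MaidSafe’s code and not a description of how the SAFE Network actually behaves: it assumes a generic content-addressed chunk store (chunks keyed by SHA-256), a fixed replication factor per chunk, and a simple “repair by re-replicating from surviving holders” policy. The node names, chunk size and the sample “MP3” bytes are all constructed for the demo.

```python
import hashlib
from collections import defaultdict

CHUNK_SIZE = 4  # tiny chunks so the constructed sample splits into many pieces


class ChunkStore:
    """Toy content-addressed chunk store with fixed-factor replication.

    Every chunk is keyed by the SHA-256 of its bytes, so a second upload of the
    same file adds references, not copies. Each chunk is placed on `replicas`
    nodes; when a node leaves, its chunks lose one replica until repaired.
    (Assumed generic design for illustration, not the SAFE Network's.)
    """

    def __init__(self, replicas=3):
        self.replicas = replicas
        self.chunks = {}                  # chunk id -> bytes
        self.refs = defaultdict(int)      # chunk id -> number of stored files using it
        self.holders = defaultdict(set)   # chunk id -> node ids currently holding it
        self.nodes = {}                   # node id -> set of chunk ids held

    def add_node(self, node_id):
        self.nodes[node_id] = set()

    def _least_loaded(self, exclude):
        # Deterministic placement: fewest chunks first, ties broken by node id.
        return sorted((n for n in self.nodes if n not in exclude),
                      key=lambda n: (len(self.nodes[n]), n))

    def _place(self, cid, want):
        if want <= 0:
            return
        for n in self._least_loaded(self.holders[cid])[:want]:
            self.nodes[n].add(cid)
            self.holders[cid].add(n)

    def put(self, data):
        """Store a file; returns the list of chunk ids that reconstruct it."""
        ids = []
        for i in range(0, len(data), CHUNK_SIZE):
            piece = data[i:i + CHUNK_SIZE]
            cid = hashlib.sha256(piece).hexdigest()
            if cid not in self.chunks:          # new content: store and replicate
                self.chunks[cid] = piece
                self._place(cid, self.replicas)
            self.refs[cid] += 1                  # seen before: only count the reference
            ids.append(cid)
        return ids

    def lost_chunks(self, ids):
        """Chunk ids from `ids` that no node holds any more."""
        return [cid for cid in ids if not self.holders[cid]]

    def get(self, ids):
        """Reassemble a file; fails if any chunk has no holder left."""
        lost = self.lost_chunks(ids)
        if lost:
            raise KeyError(f"{len(lost)} chunk(s) have no holder: data lost")
        return b"".join(self.chunks[cid] for cid in ids)

    def stored_bytes(self):
        """Physical bytes consumed across all nodes (chunk size x replica count)."""
        return sum(len(self.chunks[c]) * len(self.holders[c]) for c in self.chunks)

    def remove_node(self, node_id, repair=True):
        """A node leaves and takes its disk. With repair, surviving holders
        re-replicate each affected chunk onto other nodes; without repair
        (a mass exodus before the network reacts) the replicas simply vanish."""
        for cid in self.nodes.pop(node_id):
            self.holders[cid].discard(node_id)
            if repair and self.holders[cid]:
                self._place(cid, self.replicas - len(self.holders[cid]))


def simulate():
    store = ChunkStore(replicas=3)
    for n in ["A", "B", "C", "D", "E"]:       # constructed node ids
        store.add_node(n)

    mp3 = b"constructed sample audio bytes, not a real file " * 4  # constructed input
    first = store.put(mp3)
    after_first = store.stored_bytes()
    second = store.put(mp3)                   # a second user uploads the identical file
    after_second = store.stored_bytes()

    store.remove_node("A", repair=True)       # one provider leaves; the network repairs
    readable_after_repair = store.get(first) == mp3

    # Mass exodus: every holder of the first chunk leaves before any repair runs.
    for n in sorted(store.holders[first[0]]):
        store.remove_node(n, repair=False)
    lost = store.lost_chunks(first)

    return {
        "dedup_same_ids": first == second,        # same content -> same chunk ids
        "bytes_after_first": after_first,
        "bytes_after_second": after_second,       # second upload costs no extra space
        "readable_after_repair": readable_after_repair,
        "lost_after_exodus": len(lost),
        "first_chunk_lost": first[0] in lost,
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The two outcomes worth noticing: a second upload of identical content changes the reference count but not `stored_bytes()`, which is the “no point storing 1m copies” property; and the difference between a single departure (repair keeps everything readable) and several holders of the same chunk leaving at once (that chunk is gone, and `get` refuses to return a corrupted file). Whether a real network can always repair faster than nodes leave is exactly the capacity question the post raises, and this toy makes no claim about the answer.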