SAFE Network - TEST 6

I’ve never been able to connect to the network while creating new account, is the test network shut down?

Still running here. Just start a Vault, next run the Launcher en Demo-app. Should still work.

I thought data chains were a side project. Valuable obviously but not critical to a functional network. I now get the impression that it will be required to reach beta.
There is a problem and there is an solution this is great! My ponderings leave me with a question…
How will implementation affect development time? Is this a big undertaking that could add significantly to time scales?

The changes to routing table are going through RFC just now. DataChains themselves are already pretty far advanced code wise

     Running target/debug/data_chain-0d8ec510fe8c92b3

running 29 tests
test chain::block_identifier::tests::create_validate_immutable_data_identifier ... ok
test chain::block_identifier::tests::create_validate_link_identifier ... ok
test chain::block_identifier::tests::create_validate_structured_data_identifier ... ok
test chain::node_block::tests::node_block_comparisons ... ok
test chain::data_chain::tests::validate_with_proof ... ok
test chunk_store::test::test::failed_put_when_not_enough_space ... ok
test chunk_store::test::test::create_multiple_instances_in_the_same_root ... ok
test data::data::test::data_request_name ... ok
test data::data::test::data_name ... ok
test data::data::test::data_payload_size ... ok
test chunk_store::test::test::get_fails_when_key_does_not_exist ... ok
test data::plain_data::test::basic_check ... ok
test chain::data_chain::tests::link_only_chain ... ok
test data::structured_data::test::single_owner ... ok
test data::structured_data::test::single_owner_other_signature ... ok
test data::structured_data::test::single_owner_unsigned ... ok
test data::immutable_data::test::deterministic_test ... ok
test data::structured_data::test::single_owner_other_signing_key ... ok
test data::structured_data::test::three_owners ... ok
test secured_data::test::disk_create_cleanup ... ok
test data::structured_data::test::transfer_owners ... ok
test data::structured_data::test::four_owners ... ok
test chain::data_chain::tests::data_link_chain ... ok
test chain::data_chain::tests::file_based_chain ... ok
test chunk_store::test::test::put_and_get_value_should_be_same ... ok
test chunk_store::test::test::delete ... ok
test chunk_store::test::test::keys ... ok
test chunk_store::test::test::overwrite_value ... ok
test chunk_store::test::test::successful_put ... ok

test result: ok. 29 passed; 0 failed; 0 ignored; 0 measured

   Doc-tests data_chain

running 1 test
test chain_0 ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured

Yeah only kicked that out in what under two months? (I think that’s the earliest activity I saw on github) On your own! You modest mouse you. Obviously promising the timeline of alpha and on and having the breakthrough of data chains there were some micro naps and overtime put in.

@dirvine, what do you think about avoiding the password trouble that steem has had and using auto-generated login master keys: https://www.steemimg.com/images/2016/07/24/Capture2d499.jpg

Ok, just your previous message seemed like contradicting my analysis of the problem being implementation effort over technical hindrance.

Bandwidth limiting would be useful even at this stage, but since it is achievable by numerous means there is no real need for internal limit support at this stage?

I think we should test all this out for sure. The auto passwords are hard for folk without password managers etc, which is harder in networks like SAFE … perhaps?

I think the Steem issue is a pressing one prior to even the Alpha launch. Having a 2 factor, hardware or software *BitID, SQRL, Yubikey, Trezor…something is necessary if MaidSafe Vaults are accessed through the browser, desktop login or any non-safe OS. Not taking care of this leaves MAIDSAFE open to FUD, after attacks from State operators, Hackers, and the like *Trojans, keyloggers) clean out somebody’s wallet holdings or personal files/pictures. Some non RAM accessible secondary authentication is paramount to a secure system.

Self encryption means nothing when I can pdf or USBkey jack any computer I happen to stand next to or have use of for 5 seconds.

Please spend some time getting this in order prior to going live with safecoin.

*Even Authenticator Wallet uses a Gpush channel to get a second signature. Its open source, maybe a part of that process can be used.

*question, cannot attempting to login multiple times in parallel DDOS the system? Should some client side POW be required to make the process expensive for a network attacker slowing the logon system? Scrypt large memory+, PBD2K and any GPU/Asic hard POW so that accounts cannot be created ad infinitum, or logins attempted in parallel x 10,000-N. They might not defeat a password but they would slow the rest of us getting into the system if there is no cost to create accounts/login?

Maybe a Safe login notification subkey is created for a mobile app. When we want to login we send a message to the safe network that is a private subkey signed “ON” state referencing the account and held in a logon node cache for max 2 minutes. User presses green login on mobile app, relevant Nodes would receive a pre-logon request to network, check if USER header is flagged for 2nd factor when actual login is attempted, check current cache request and process if in cache/2 minute log. If a user sends an OFF signed message for account that user will then be dismounted/logged off. Giving the user power from APP to turn off connection or possibly power down SafeOS away from the desktop if need be.

@dirvine YubiKey uses a linux PAM module to authenticate access to the desktop. A modified version of this could Authenticate locally using the PAM module process but retrieve the subPUBkey from the SafeNetwork along with a local and remote nonce to sign before the login is successful or the application works. Selling a SafeKey becomes another revenue model for the foundation, or of course the SafeNetwork can send a message to the subPubkey for signing to software *mobile phone. Giving user 2 factor choice and protection.

Hi there!
Sorry for possible stupid question, but I failed at start: can’t create account. There is red message “Waiting for establishing connection with SAFE Network” while PIN creating.

Proxy is configured. What should I do?

Thanks

Welcome to the Safenetwork forum!

What you should probably do is wait for the next official test, when there will be up-to-date software and explanations of getting connected. My guess is that will be this week sometime. There is an official update from Maidsafe on this forum in the “updates” category every Tuesday so look out for that.

@dirvine, you are correct about the secure passowrds being hard for those without password managers, but the requirement for real non-human entropy is vital in your system once SAFEcoin is implemented. In the very near future all users on the internet will be logging in with recoverable hierarchical private keys. The password is dead, why drag it’s use into a futuristic distributed internet system?

Not everyone (a lot actually) will not have the luxury of a password manager and how many password managers have now been found insecure or have some flaw that can be exploited.

As long as we have a “strength” test to dual passwords then the password manager is optional. The “entropy” is also solved by providing the test.

If someone decides to ignore the security test (assuming they can) the ones affected is themselves. Its not like the SAFE network will somehow be hacked because someones password is cracked.

Also remember that unlike many passwords being cracked, to crack a SAFE account password, you need to supply the passwords and wait for returned account and see if it can be decrypted by the passwords. The lag in the network limits the cracking attempt to a couple of tries per second.

So if the password(s) strength checker ensures the passwords are strong enough for a local password (that can be tested billions of times a second) then that password will be more than enough for SAFE.

Just a couple of reasons why people who NEED the SAFE network will not have a password manager.

• on the run from authorities (political) and had to leave with no possessions.
• do not trust password managers because of the ones that already were hacked
• think SAFE network is the ONLY password manager they need. (it can be used as such actually) So why have two?
• third world countries where shared computer/internet access is the norm and no money for the luxury of a password manager.
• etc etc etc

EDIT:
Here is an interesting thought. If I have a password manager to manage my politically sensitive SAFE account’s password then the authorities only need to crack the password manager to get access to the SAFE account. So then the password I use for the manager has to be as good as if not better than the one I use for SAFE, so then why have a password manager and just use that password for safe.

Just wondering what the need for throwaway accounts would be. And why not use the same strong password for each which then is easier to remember.

Just the one account will be able to have as many throw away anon identities as desired without needing a new account.

The idea of anon throwaway IDs (incl coin addresses) have been promised for as long as I can remember, and is actually one of the “benefits” of SAFE.

Good reply. I love this forum because of all the smarts being passed around!

For the second time on TEST 6 I am unable to access my account. On the first day of test 6 I signed up for an account and used it fine until I went away for the weekend then could no longer access it. I had then recreated my account with the same password and it had been running fine until I again didn’t log in for a couple of days and now it seems to have been deleted again.

Is there a way to see how much total data your vault has uploaded and downloaded?