SAFEnet fuzzing

I’m new to the forum and new to holding MAID as I’ve thought the project will fail because it was trying to solve too many problems at a time(similar to Ethereum), but recently I’ve had more time to take a closer look at the project and at the community and together I think we have a chance to truly have a safe+uncensored internet, a place we could call home like how the internet was before all these big corporations took over it and made it centralized and a money sucking machine instead of a free world of the mind how the founding fathers hoped it will be, so I want MAID to succeed and to create a world of our own.

I know rust is a memory-safe programming language but recently I’ve stumbled over:

The people in the community that are related to cybersecurity will sure know about afl and how great it is at fuzzing open-source projects for different kind of vulnerabilities, so I want to know what do the developers of this project think about us as a community to start fuzzing the project before the MVP, while we still have time to build everything on a strong foundation instead of patching vulnerabilities each week/month as a lot of companies do these days?

Another question I have is if selfrando can be added to SAFE to improve upon ASLR without much run-time overhead?

And I want to say a big thank you to the team for the all hard work and time they put into this project and if I’m wrong please correct me:)
Just my 2cents, peace and love!

19 Likes

Hey @null! I was just checking out selfrando today, too. Thanks for bringing that up. I’m curious to hear what others think. Currently, the main discussion has been around the p2p and vaults implementation.

1 Like

Yes this is important. There is a large focus right now on a feature freeze to get on Alpha rollouts. So code clean up after recent few tests again. It’s the way things are progressing, tests, alter, clean at the moment. It works well but requires nerves of steel with the cries for launch now (which I can fully understand). Fuzzing is an important step we should definitely consider further. The network is difficult to fuzz test but some modules will certainly be OK for this.

Viv was chatting about this and we would hope that some proposals for SAFE Browser will indeed look that direction. It seems to make sense, although we will not force it. I think proposals looking that direction will be taken a lot more seriously. Lets see though.

Perhaps check Community Engagement Program v0.1 and follow there. I really want to push that and get some additional resources helping out where we can easily. I hope we get some decent proposals and I feel we can.

PS: Welcome to the forum and the project.

12 Likes

Well about SAFE browser, wouldn’t it be a lot easier to modify the TOR browser to work with SAFE by changing the proxy settings instead of trying to build something from scratch up as it’s very time consuming? or are there some license issues that prevent us from using/modding TOR browser as we like?

3 Likes

No, I do think that would make the best proposal, but will require some other tweaks, possibly. It may make the easiest proposal and the cheapest whilst allowing us to use a well maintained codebase. Lets see though.

5 Likes

Yes that’s what I was thinking as selfrando+AddressSanitizer will likely be introduced in the next big version release of TBB after they are properly tested so I think this is the best path forward for SAFE browser to build on an already production ready codebase that has been proven to work. Also adding the following addon wouldn’t hurt it would make users even more anonymous:
https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/
and ublock would also be pretty useful for saving bandwith/blocking unwanted ads:

One more question and sorry if this has already been answered, is SAFE browser intended to be used only on the SAFEnet or also on the open internet?

Thank you for your answers and have a nice day!

2 Likes

I agree with all to here :wink:

This, we feel, anyway should be user configurable. Tor defaults (or used to) to clearnet and onion, allowing onion only to be selected.

I think SAFE should default to SAFE only and allow users to select clearnet if they wish.

User experience may prove otherwise (as tor probably found, although the proposition is different), but I would like to make sure there is at least a “stay SAFE” button, default on or off.

Thanks you to for the valuable input

2 Likes

Ok then I will think about making a CEP with whatever I believe would be good for SAFE browser but I’m not sure I will have the time/patience/skill to also implement it as I’m not familiar with the firefox source-code and I expect it to be pretty overwhelming but I’m sure there are other more skilled users lurking on this forum that could help:)

2 Likes

Cool, we will have this thing going late this week or early next. Just getting all feedback then we need to set up some forum categories and threads etc. I tink proposals can try also and secure a team if it helps.

4 Likes

I feel like the answer was just given for a school test.

Hope anyone planning a SAFE Browser proposal reads this short post.

2 Likes