The SAFE Network's Resilience

I have a couple of questions regarding the SAFE Network’s resilience that I was hoping someone more knowledgeable might be able to comment on.

My first question concerns MaidSafe’s tendency to gradually move copies of data geographically closer to the place it is usually being requested from. (That’s my understanding of it, at least.) For example, imagine I have a unique file that only I use. There are four back-ups of this file, located relatively close to me (and will also gradually ‘follow’ me, even if I move to another part of the world—since I’m the only person requesting it, and so I’m not repeatedly pulling a file from a continent on the opposite side of the world). If so, in the extreme example of a city or region being heavily damaged (such as in a nuclear attack, or a catastrophic natural disaster) or somehow completely disconnected, would that result in a likely loss of data for many people? (My reasoning is that if all four back-ups are located in one region, heavy damage to that region could conceivably damage all four back-ups.)

My second question builds on this, and is in response to a comment David Irvine made in his Google Tech Talk from 2008 [Seattle Conference on Scalability: maidsafe: A New Networki - YouTube (from 45:44 to 47:15)]: He stated that if, for example, India got disconnected from the rest of the global SAFE Network, India would automatically form its own new SAFE Network, and could rejoin the global network at a later time after the issue had been resolved. But, my question is: If India became disconnected for a long period of time (let’s say ten years), how would that affect the network? Would there be difficulties in it re-joining the global network later? Would there be any conflicts or losses of data?

Only one of the copies (caches) will follow you, the rest are separated equally across the address range (so basically planet wide).

If a country disconnected for 10 years then it would reconnect, any duplication would be removed and new data added. In terms of safecoin the smaller network would have (mostly) ceased to be able to create safecoin, but could still trade it internally on that network. Possibly more to think about here though. An outage of that time would be pretty catastrophic on society I think.


It’s been discussed on the forums several times. Simply speaking, no, a regional catastrophe wouldn’t cause any loss of data. A continental- or global-sized catastrophe may be able to. Because every file/object has multiple copies, one whole continent needs to be taken down for an extended period of time.

How is the ownership reconciled if the same coin was issued on each network before re-merging? Or if an existing coin was transferred to another owner on only one of the networks?

I think the larger network would likely take precedence because there is a higher probability that the larger network has closer addresses to the safecoins. FWIW, bitcoin should have the same issue, except the network with the most transactions (likely the largest) will take precedence for all coins (MaidSafe should be on a per-coin basis).

This is the thing: the coins on each side of the network would stay there and be tradable with accounts there. The small network’s people would lose access to a proportionate amount of safecoin and likewise for the larger network. This loss would offset, depending on how popular safecoin was, over a time period. The 10 year thing though is an issue, I doubt a country would be offline that long. If it did there would be more variables than safecoin as their import/export markets would also be in turmoil as well as ability to trade currency etc. I imagine such a situation would cause way too much volatility to call. I am not saying it would be all bad, it might be good, but too hard to call.

Couldn’t copies be made in each network, depending on how the network was split? This system is designed to be resilient against loss of nodes, and a network split would simply appear as a major loss of nodes.

Coins are a different kind of data on the network. File chunk data is copied for redundancy but coins are not. If the network split, the transaction managers for accounts would be reassigned and users would still be able to send safecoin within the sub networks.


The coin format & exchange algorithms are still in flux I believe - but is this documented somewhere? What happens to the information stored when the single node goes down? Are you referring to the PUT operation of a coin succeeding only once? This is different than duplicating the coin data to multiple locations.

Coins are held as group data and maintained by that group, so not distributed like immutable chunks, but managed more like structured_data_versions. Lots to document on that. Fraser and myself have managed to get out into a different office to get time to get some of the final design parts in place. The new system with Jira should allow all this to speed up considerably now. 8 years later I can design stuff that then just gets implemented, great. The drive and rudp stuff is looking to be shaping up nicely too (as you know :D) but we need to formalise there a little as well in case it diverges too much.


I’m still uncertain as to how regional disconnections are distinguished from simple network losses. As @dirvine explained, if a region gets disconnected from the global SAFE network, it can still function as its own smaller network (although the smaller network would mostly stop being able to create safecoin). But, how is this determined? There is no way for the smaller network to ‘know’ it is the smaller one, and that a larger global network still exists, right? As @vtnerd said, “a network split would simply appear as a major loss of nodes.”

I realize that some of these concerns may seem a little extreme—but, if this network really does become successfully deployed and important to the world, it seems like even seemingly unlikely risks are worth preparing for.

During the next testnets let’s try to outage ourselves and see what actually will happen?


Think this way maybe. We lose 1/4 of all nodes. If safecoin is held equally across the range (it is) then 3/4 will be in one network and 1/4 in the other. That perhaps describes the situation, how we handle that is another matter. So say we lost this amount of nodes. 3/4 of the safecoin held by the smaller network are gone (for now) and 1/4 lost in the larger 3/4 network.

We are considering (only today) a metric that may be available to us that will help this a lot. That involves using the leading bits of pmid and mpid addresses for distributing nodes throughout the range in a very secure manner (not allowing lots of nodes to create and group). This mechanism can very possibly allow greater knowledge of the network population which till now has been a dream for me and a pain we have not been able to calculate it. In terms of safecoin, knowing this information will allow the network to potentially detect network outages of any scale and then we have options. The detail of those options will work out during testnet3, although the testnets are possibly nowhere near large enough so we need to potentially move some measurements to a BETA with perhaps test_safecoin. As the testnets roll out though we can home in on this.

A MaidSafe issue is that this is very new technology, not that it will be buggy, but the research we have done so far shows a startling thing, nobody has gone down this road, it’s not a well trodden path. We are well able to focus and answer these questions as we move along, but there is little to copy or learn from. That’s gonna change very soon though :smiley:
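
The two ideas in the post above, as an added simulation (not code from the post or from MaidSafe): coins spread evenly over the address range divide 3/4 to 1/4 when a quarter of the nodes drop out, and a node that can estimate population from how densely addresses sit around it sees that drop. The 64-bit addresses, the close-group size `K` and the density estimator (a standard DHT size estimate standing in for the leading-bits metric, which the thread does not specify) are assumptions.

```python
import random

BITS = 64   # constructed address width (assumption; real IDs are longer)
K = 32      # assumed number of closest peers a node can observe

def make_addresses(n, rng):
    """Constructed sample: n uniformly random addresses."""
    return [rng.getrandbits(BITS) for _ in range(n)]

def estimate_population(me, peers, k=K):
    """Estimate network size from the XOR distance to the k-th closest peer.

    For uniform addresses, E[(k-1) * 2^BITS / d_k] equals the number of
    peers, so local address density implies global population.
    """
    d_k = sorted(me ^ p for p in peers if p != me)[k - 1]
    return (k - 1) * (1 << BITS) / d_k + 1

def mean_estimate(nodes, vantage_points):
    """Average the estimate over several vantage nodes to cut variance."""
    total = sum(estimate_population(v, nodes) for v in vantage_points)
    return total / len(vantage_points)

def coin_share(coins, side, everyone):
    """Fraction of coin addresses whose closest pre-split node is in `side`."""
    side = set(side)
    held = sum(1 for c in coins if min(everyone, key=lambda n: n ^ c) in side)
    return held / len(coins)

def simulate_split(n=4000, lost_fraction=0.25, seed=1):
    rng = random.Random(seed)
    nodes = make_addresses(n, rng)
    cut = int(n * lost_fraction)
    large = nodes[cut:]              # geography is independent of address
    before = mean_estimate(nodes, large[:200])
    after = mean_estimate(large, large[:200])
    coins = make_addresses(1000, rng)    # constructed coin addresses
    in_large = coin_share(coins, large, nodes)
    return {"before": before, "after": after,
            "surviving_ratio": after / before,
            "coins_in_large": in_large, "coins_in_small": 1 - in_large}

if __name__ == "__main__":
    for key, value in simulate_split().items():
        print(f"{key}: {value:.3f}")
```

The same estimate run on the smaller side would report roughly a quarter of the earlier population, which is the signal that would let a partition recognise it is the minority.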


I volunteer 70 nodes for this testing; and I know I can mobilize support of many 100s more nodes in separate geographical locations for testing purposes at least for many days.


I will have to stop commenting on network splits and safecoin until I see this final design. I’ve been interested how this atomic exchange is going to work (and I suspect this group design has something to do with that); this should be worthy of a PhD dissertation in its own right. Hopefully it will be a command available outside of the coin system? Lots of uses in financial related applications.


I meant to reply to this earlier, but got caught up with a much busier-than-expected period at my job. Anyway, I just want to say that I appreciate your answers to my questions. Although I think I have a basic conceptual understanding of some of the principles behind SAFE now, my mind is still filled with “what ifs” regarding various details. I’m trying to avoid taking up too much of others’ time asking questions that may have been answered before (even if I haven’t been able to find some of them). But I do hope some of the answers I’ve received here have been useful to a few others as well, who may have been curious about some of the same things.

As for the metric you mentioned which “involves using the leading bits of pmid and mpid addresses”, I hope that the testing for it goes smoothly. I don’t have a strong enough technical background to analyze SAFE’s code myself, so I’ll have to simply wait and see how most of these things unfold. I’m sure the SAFE Network will have many more supporters once it launches—and probably a fair share of opponents too—so I hope that the network shows itself to be resilient both technologically and ideologically. I’ll be actively following its development progress in the meantime, and will continue to tell others about it.

I’m not knowledgeable on maidsafe but according to all of your posts, safe network on top of CJDNS would be quite resilient, and impossible to shut down.

If the Indian government decides to shut down the internet, or some random occurrence takes the entire network down, Indians would download and run CJDNS. The Internet will be built once again from there. Eventually, some random Indian peer will find a connection to a neighboring country’s peer. The network will begin to merge. The bottleneck between those two peers will be high. As more Indian peers connect to the outside, it’ll balance the loads out.