[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Lightning talk at IPFS camp

From: ng0
Subject: Re: Lightning talk at IPFS camp
Date: Thu, 13 Jun 2019 21:38:00 +0000

Pierre Neidhardt transcribed 1.7K bytes:
> Thank you all for your comments!
> > That sounds like a great opportunity. Guix and IPFS are in my humble
> > opinion two of the most interesting ongoing projects in the computing
> > world.. Bringing the two together can only make this better.
> My humble opinion is on the same page ;)
> >      - A unified way to refer to stuff (I am thinking of IPLD here)
> >              No more tarballs, git commits, etc. CIDs everywhere.
> Do you have a concrete use case?
> >      - A unified storage scheme for all data, both "system" and "user".
> Can you elaborate?
> I'm not too sure about how human input would be logged, but at the very
> least the idea of distributing the store seems amazing.
> In a not so distant future, we could simply distribute the store of
> everyone.
> So if Alice built qtwebkit locally (at last!), then Bob will be able to
> fetch the substitute.  There would be no difference between substitute
> servers and Guix users connected to the Internet.
> Anonymity should not really be a problem here, and even then it could be
> done over Tor.
> Thoughts?

Skipping all the rest, my brief comment on the tor point:
You don't want to use tor for this.
1) it depends on the country if it is safe at all to use
2) tor has some recent RFCs and/or papers which hint at what we've been
   talking about for years, tor in its current form does not scale for
   applications like this (even when the throughput of the servers in the
   tor network got faster globally).

At best make it an opt-in choice, legal reasons and safety considerations
of your entire user base / community call for (1) as a reason,
but also for (2) because you want to actively work on the relevant RFCs
to not make this an annoyance both for you and tor.
While some operating systems have the official blessing, I seem to recall
(paper notes...) that in no case tor said it is a good decision to sent
package manager traffic through it.

Since you have no covertraffic, the point for anonymity is moot anyways.

What's more, you buy into a couple of more points of authority to trust
(in particular directory server operators, their ISPs, and so forth).

I leave it up to you to gather the sources, I don't want to provide them
right now as it is doable with enough time for yourself to see this is
a bad idea.

> -- 
> Pierre Neidhardt

reply via email to

[Prev in Thread] Current Thread [Next in Thread]