Hello!
I have made a decentralised file system, like a cloud drive, but fully decentralised.
I feel it’s time to test it more thoroughly, and publish it. To get feedback and well let users use it!
So my question is, anyone wants to try it out?
It’s very easy to setup, you basically just need to forward 1 port and run a script. Or do the manual install which is just a couple of steps.
Sharing is very easy:
10f -i my_stuff image.jpg
Anyone curious enough to try it out?
Cheers
Valmond
PS. If you want to check it out, the whole story is here including quick setup, examples and so on. PPS. For the daring: Codeberg repo
Thanks :-)
First of all, this isn’t a replacement for gnutella or limeware (as someone mentioned in another post), it’s not meant to be a CDN (content delivery network), so it won’t be that useful if someone tried to shoehorn it into Lemmy for example. But it shares data, right? Yes, and it’s made to share data in a quite low level effort, like you have a website, ten people interact with it, not thousands or millions.
So for me, it’s like you having your website up and running (shared with few or many). Don’t share illegal content (or do and it’s on you). But that’s the easy part of course. You have all the control here.
For the sharing, where you have no control over what someone else is sharing through your node, it’s all encrypted. So what does that mean? It means your node is just shuffling seemingly random bits and bytes. In the EU and for what I know the US too, you are not legally responsible for what people share on your network, but you do have to comply with takedown requests etc.
I personally think this is the domain of politics, share the Wikipedia page of Tiananmen square massacre, if it gets traction in China, the CCP might want to ban the protocol. And so on. But today I cannot see how it can be illegal to run a Tenfingers node in the west. But again, I’m a computer programmer not an international lawyer.
Let’s split this up in two:
2a) On a network perspective, the nodes are trustless, so if a node tries to deliver bad data it will just be (from your nodes perspective) replaced. Checks are done regularly to verify nodes have your data.
2b) Personal Computer security:
The attack vectors are IMO:
Pythons network stack, which I admit I have to trust, and if it’s broken one day, I imagine fantastic resources are out there to fix it.
Pythons encryption library. Like the net stack, this is monitored by security specialists since many many years, so I trust this piece of software too.
The protocol itself
It’s quite basic, there are just a handfull of queries, and any non compliant communication instantly gets dropped. All RSA, and then AES encrypted. You could set up a node to trash-talk, but it would just eat up resources, and IP blacklist is included in the soft if needed. Buffer overflow attacks are taken into account and so on. But the protocol itself is very basic, thus quite easy to secure IMO but also to check out, the source code is FOSS so anyone can have a go at it. That said, I would love some testing, that is after all why I am here!
Hope I answered your questions, please do tell!
Do you have a space for testing so we can share our findings?
And how does peer discovery work for the initial segmentation and sharing of blocks? Usually there’s some type of central hub like a lighthouse in the case of a nebula mesh, or a tracker in bitorrent that assists in connecting nodes/peers. 10f claims it doesn’t need it. My understanding at this level isn’t great but I believe bitorrent uses a protocal called DHT that can do decentralized p2p discovery. Is it a similar mechanism?
Are you open to the idea of adding the option/alternative to opening ports, in which you could implement a hybrid approach similar to bitorrent using trackers and DHT. Volunteers could operate lite servers similar to nebula lighthouses that help peers find each other without needing to punch holes in the firewall.
EDIT: On second thought I’m not sure a lighthouse could be trusted enough. It would essentially contain a ledger of all active nodes connected to it historically.
I usually try to direct people at https://lemmy.mindoki.com/c/tenfingers which have proven not very effective, but you can post public messages there, or send a private DM to me directly if you so feel. It would be wonderful if you try 10f out and comment on how it works out.
Nodes in Tenfingers are different than in crypto current nodes or say in IPFS, they are discardable and trust less. Links themselves contains node adresses (there are more things here for the anti link decay system, which contains node adresses too), they are one part of node address sharing; use a link, absorb the adresses. The second part is sharing between nodes themselves, basically a node can get a request for addresses, and if honored, they’ll be added to the address list too. Remember, nodes are trustless and are used only if they function. At scale, even large amounts of bad nodes does not cripple the system.
So you need one link to bootstrap, but then it’s all decentralised.
For your hybrid approach, I will think about it but Tenfingers does not work like torrents. I have to figure out the benefits from such a system.
Thanks and I hope you give it a go!