Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jul 06 11:46
    devxpy commented #69
  • Jul 06 01:18
    RangerMauve commented #69
  • Jul 05 22:08
    devxpy commented #69
  • Jun 24 20:57
    joehand commented #88
  • Jun 24 20:56
    joehand commented #88
  • Jun 24 20:55
    joehand commented #88
  • Jun 24 20:55
    joehand commented #88
  • Jun 24 20:54
    joehand pinned #88
  • Jun 24 20:54
    joehand closed #88
  • Jun 24 20:54
    joehand commented #88
  • Jun 24 20:47
    RangerMauve commented #88
  • Jun 24 20:39
    todrobbins commented #88
  • May 31 16:11
    RangerMauve commented #88
  • May 31 08:14
    decentral1se commented #88
  • May 30 21:59
    todrobbins commented #88
  • May 30 21:56
    todrobbins commented #88
  • May 30 21:41
    RangerMauve commented #88
  • May 30 21:28
    todrobbins commented #88
  • May 30 21:26
    todrobbins commented #88
  • May 30 21:22
    RangerMauve commented #88
dat-bot
@dat-bot
karissa wee grats!
nettiopsu
@nettiopsu
@pfrazee wow, the log viewer looks cool!
Aral Balkan
@aral
@alexindigo Thanks :) By native, I mean “not web” or maybe more precisely “replicates over TCP?” Basically, not over a WebSocket or WebRTC :)
@konobi Thank you; will have a read :)
dat-bot
@dat-bot
karissa alexindigo one way to get hypercore running with react-native is to have a node process running simultaneously, which the react-native process talks to via unix sockets or http requests (for example)
karissa alexindigo there are some examples floating around http://github.com/cabal-club/cabal-mobile/
dat-bot
@dat-bot
karissa alexindigo though it would be really awesome to be able to run it in the same process as react-native, as it can be a bit of a headache to manage multiple processes.
Alex Indigo
@alexindigo
@karissa I played with nodejs-mobile a bit. I wasn't able to run hypercore there out of the box and when I started to dig deeper, it's another thread with deoptimized JS runtime, and comparing it to react-native-sodium that uses native encryption I decided to try to make it work that way, so I can get use of native encryption and networking (not sure how that latest part implemeted in nodejs-mobile)
I'll check out other links, thank you
Franz K.H.
@Frando
@aral i didn't work on encrypted hypercore but would be very much interested in it ;-)
Martin Heidegger
@martinheidegger
Ah right that was fsteff :D
Franz K.H.
@Frando
and i think the best way to make something like this more ore less usable in the wider ecosystem would be to make all higher level tools accept a hypercore constructor function in opts, similar how these days you can pass your own instance of random-access-storage. multifeed/kappa-core already does it that way and it'll be a simple PR to hyperdb
i might try to find the time to do it soonish. that would also simply things if you want to manage storage for a lot of e.g. hyperdbs.
and then that could also maybe be the right place do start implementing block-level deduplicated storage. dunno if that would be doable at the random-access-storage layer (would it?=
Martin Heidegger
@martinheidegger
no it wouldn't imo.
dat-bot
@dat-bot
karissa alexindigo okay, this might be the best example which has hypercore working on nodejs-mobile https://github.com/cabal-club/cabal-mobile/blob/master/nodejs-assets/nodejs-project/package.json
Alex Indigo
@alexindigo
Thanks @karissa I’ll play with it
dat-bot
@dat-bot
noffle substack: congrats!
Martin Heidegger
@martinheidegger
seconding the congrats!
Aral Balkan
@aral
@Frando Thank you for the link to hypercore-encrypted. Looks very helpful :)
Aral Balkan
@aral
Been giving device authorisation in multiwriter some more thought and, contrary to my initial knee-jerk reaction, I think it can be done within the limitations of the current system. It should be possible to handle lost/stolen devices as long as the write key (secret key/private key) is never stored on any device. Since I’m using key derivation from a Diceware passphrase salted with the unique domain in Hypha, this should be easy to support in a usable manner (the passphrase has to be stored in a password manager – or a brain better than mine ­– anyway). So I’m thinking that the master passphrase will not be tied to any hypercore and every device’s writeable hypercore will derive its keys from the master key with the name of the device used as the salt. This means that on any node where the person enters the passphrase and the name of the device to be authorised is known, its public (and private) key can be calculated and the device authorised in the local hypercore. If a device is lost/stolen, lack of the passphrase will disallow further writing. Of course, this requires that the device is properly secured at other layers in the stack (i.e., auto lock, password on lock, full-disk encryption). Do any of you see any glaring issues with this?
dat-bot
@dat-bot
yoshuawuyts pfrazee: woah, that looks really good!
yoshuawuyts (that = logviewer)
dat-bot
@dat-bot
cblgh substack: woah that's big, congrats :3
RangerMauve
@RangerMauve
@aral Only worry I'd have is how you derive the key from the password. You should be careful to look into what methods are safe since not all hash functions would be safe
Like, typical password with a hash won't have a very high level of entropy compared to a truly random private key. Maybe encrypt the private key with a password and store that publicly?
Aral Balkan
@aral
@RangerMauve Cool, thanks :) I think I have the password/key generation down. The password generation process is based on Diceware (using the EFF word list) and I’m generating keys where the process has ~100 bits of entrophy. The key derivation is via scrypt (see https://github.com/jo/session25519) and the salt is globally unique (domain name). https://ar.al/2019/01/15/hypha-spike-diceware/ (Source: https://source.ind.ie/hypha/spikes/diceware)
RangerMauve
@RangerMauve
@aral Sweet. Thanks for the link!
Aral Balkan
@aral
(While we were working with the City of Ghent last year, I was trying out keeping the keys on the always-on node and doing just that – encrypting the private key with the passphrase – but I want the always-on node to not be privileged in any way. In fact, I want it to be less privileged than nodes that you have primary control over.)
@RangerMauve ;)
RangerMauve
@RangerMauve
I was thinking of just shoving the encrypted private key right into the dat archive for the public key. ¯_(ツ)_/¯
Aral Balkan
@aral
@RangerMauve Ah, gotcha, yes, that would work. But in my design, it would be redundant as we can simply generate it on demand from the passphrase anyway and there’s only ever just one passphrase to remember (or for your password manager to remember) :)
@RangerMauve PS. Just pinged you on fritter (remembered it after seeing your profile) – did you get those at all? Got lots of timed out errors.
  • profile = homepage :)
RangerMauve
@RangerMauve
@aral Not that I can see. What's your fritter profile so I can check if it loads. I'm at dat://fritter.hashbase.io/user/dat://3df8868d5c3420d7acdf72d17129e4569cf83723092314ea6b260d112797d8c8
matrixbot
@matrixbot
paul90 RangerMauve (Gitter): The last message I see from you in fritter was from 5 days ago "It's been so quiet on here lately. :P" But, it took a couple of days to show up here... I'm at dat://fritter.hashbase.io/user/dat://76910d65f17c3f010972b2a02a72063ef60fb9dccb296f9cc2123c934da8bfc6
RangerMauve
@RangerMauve
paul90: Snap, it seems I haden't followed you yet! :P Fritter is cool, but finding people to interact with is still a big pain point IMO
matrixbot
@matrixbot
paul90 discovery is certainly a big pain point...
dat-bot
@dat-bot
konobi aral: there seem to be quite a few projects trying to grapple with the UX side of this sort of key/profile management... I'd wonder how much knowledge there would be nice to have as a shared resource
matrixbot
@matrixbot
paul90 just looking at the network debugger in beaker - I'm seeing "remote timed out" connecting to hashbase, which can't be helping.
dat-bot
@dat-bot
cblgh pfrazee: feels like you might have opinions on a contacts API https://twitter.com/gozala/status/1088177108923297792
cblgh google is apparently floating a spec
pfrazee cblgh: yeah I saw that. Seems like a nice-to-have
Aral Balkan
@aral
@RangerMauve Can see my replies from that link. Just saw your latest message too and sent you a reply :)
@konobi: Would be very useful :)
Aral Balkan
@aral
@substack is hyperdrive-multiwriter still current? (https://github.com/substack/hyperdrive-multiwriter).