stebalien changed the topic of #ipfs to: Heads Up: To talk, you need to register your nick! Announcements: go-ipfs 0.4.21-rc1 and js-ipfs 0.35 are out! Get them from dist.ipfs.io and npm respectively! | Also: #libp2p #ipfs-cluster #filecoin #ipfs-dev | IPFS, the InterPlanetary FileSystem: https://github.com/ipfs/ipfs | Logs: https://view.matrix.org/room/!yhqiEdqNjyPbxtUjzm:matrix.org/ | Forums: https://discuss.ipfs.io | Code of
abhiyerra has joined #ipfs
manray has joined #ipfs
Elon_Satoshi has quit [Read error: Connection reset by peer]
manray has quit [Ping timeout: 272 seconds]
Elon_Satoshi has joined #ipfs
Elon_Satoshi has quit [Ping timeout: 248 seconds]
Ai9zO5AP has quit [Quit: WeeChat 2.4]
<postables[m]>
jon1012: one way to deduce their multiadress woudl be to generate a completely random file that you're fairly positive doesn't exist on IPFS, ie `cat /dev/urandom > foobar.txt` add that to their service
<postables[m]>
and then you can wait a bit for that information to propagate, and then run `ipfs dht findprovs <hash>`
<postables[m]>
and in theory you'll find their peerIDs
xcm has quit [Ping timeout: 244 seconds]
_nkls_ has quit [Remote host closed the connection]
xcm has joined #ipfs
Musk_Nakamoto has joined #ipfs
espadrine_ has quit [Ping timeout: 245 seconds]
_nkls_ has joined #ipfs
_nkls_ has quit [Client Quit]
RamRanRa has quit [Read error: Connection reset by peer]
xcm has quit [Read error: Connection reset by peer]
xcm has joined #ipfs
rozie has quit [Ping timeout: 245 seconds]
rozie has joined #ipfs
}ls{ has quit [Ping timeout: 245 seconds]
xcm has quit [Remote host closed the connection]
}ls{ has joined #ipfs
xcm has joined #ipfs
user_51 has joined #ipfs
ahve_ has quit [Quit: leaving]
user_51_ has quit [Ping timeout: 268 seconds]
Belkaar has quit [Ping timeout: 248 seconds]
Belkaar has joined #ipfs
Belkaar has joined #ipfs
pav_admin_ has quit [Remote host closed the connection]
iczero has quit [Quit: rip]
iczero has joined #ipfs
xcm has quit [Remote host closed the connection]
xcm has joined #ipfs
iczero has quit [Excess Flood]
<RockSteadyTRTL[m>
Anybody able to download `QmPfyZumbxCNHEP9GW2Voay7L3euoaQJKh7ASvtooPj4Jg`
<RockSteadyTRTL[m>
its about a 105mb csv
<RockSteadyTRTL[m>
i keep timing out and am having trouble increasing log level in the daemon
abhiyerra has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
KempfCreative has joined #ipfs
<postables[m]>
if you're having trouble downloading stuff, usually the first thing i do is `ipfs dht findprovs` like so `ipfs dht findprovs QmPfyZumbxCNHEP9GW2Voay7L3euoaQJKh7ASvtooPj4Jg`. This is a useful way to see if yo ucan find anyone hosting the content
<postables[m]>
in this case across three different nodes i can't find any providers
<postables[m]>
so th econtent is probably just not available (ie, node hosting it is offline)
iczero has joined #ipfs
verin0x has quit [Ping timeout: 248 seconds]
verin0x has joined #ipfs
manray has joined #ipfs
manray has quit [Ping timeout: 272 seconds]
Musk_Nakamoto has quit [Read error: Connection reset by peer]
}ls{ has quit [Remote host closed the connection]
griffinbyatt has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Musk_Nakamoto has joined #ipfs
Musk_Nakamoto has quit [Read error: Connection reset by peer]
Musk_Nakamoto has joined #ipfs
Musk_Nakamoto has quit [Read error: Connection reset by peer]
KempfCreative has quit [Ping timeout: 258 seconds]
Musk_Nakamoto has joined #ipfs
Musk_Nakamoto has quit [Read error: Connection reset by peer]
KempfCreative has joined #ipfs
Fessus has quit [Remote host closed the connection]
abhiyerra has joined #ipfs
<RockSteadyTRTL[m>
I had a suspicion it's not up, but the daemon isn't very forthcoming with verbose output
<RockSteadyTRTL[m>
I'll try more tomorrow
Musk_Nakamoto has joined #ipfs
Fessus has joined #ipfs
<RockSteadyTRTL[m>
daemon needed a kick, its up now, or should be afaict
<RockSteadyTRTL[m>
Thanks for the tips postables
<postables[m]>
np :D
MDude has quit [Ping timeout: 258 seconds]
matt-h has quit [Ping timeout: 246 seconds]
zeden has quit [Quit: WeeChat 2.4]
spinza has quit [Quit: Coyote finally caught up with me...]
matt-h has joined #ipfs
abhiyerra has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
spinza has joined #ipfs
Ai9zO5AP has joined #ipfs
xcm has quit [Remote host closed the connection]
Newami has joined #ipfs
xcm has joined #ipfs
jdloft has joined #ipfs
KempfCreative1 has joined #ipfs
KempfCreative has quit [Ping timeout: 250 seconds]
KempfCreative1 is now known as KempfCreative
opal has quit [Ping timeout: 256 seconds]
opal has joined #ipfs
redfish has quit [Remote host closed the connection]
Tiez has joined #ipfs
ulrichard has joined #ipfs
redfish has joined #ipfs
sfx2496 has joined #ipfs
_whitelogger has joined #ipfs
dbx2496 has joined #ipfs
sfx2496 has quit [Ping timeout: 272 seconds]
mqq[m] has joined #ipfs
barnacs has quit [Ping timeout: 252 seconds]
barnacs has joined #ipfs
graffen has quit [Quit: ZNC 1.6.5+deb1+deb9u1 - http://znc.in]
graffen has joined #ipfs
krhubert has joined #ipfs
kapilp has joined #ipfs
<krhubert>
Hi!
krhubert[m] has joined #ipfs
krhubert has quit [Quit: Leaving]
stoopkid has quit [Quit: Connection closed for inactivity]
raindrop_ has quit [Ping timeout: 250 seconds]
raindrop has joined #ipfs
nighty- has quit [Ping timeout: 248 seconds]
nighty- has joined #ipfs
<jon1012>
postables[m]: I don't think this message was directed to me?
<jon1012>
ahhhhhh
<postables[m]>
jon1012: hmm maybe i misread the wrong message, i think it was from a few days ago but my matrix client for some reason only showed it today
<jon1012>
forgot I asked about cloudflare :)
<jon1012>
you can add a file to cloudflare ipfs directly?
<mattober[m]>
@jon1012 you can't add a file to cloudflare directly. They're only a gateway provider, not a pinning service
cygeatwin has quit [Ping timeout: 258 seconds]
polman has quit [Ping timeout: 248 seconds]
c0dr[m] has joined #ipfs
ygrek has joined #ipfs
Taoki has joined #ipfs
ezeql has joined #ipfs
englishm has quit [Excess Flood]
englishm has joined #ipfs
}ls{ has joined #ipfs
sim590 has joined #ipfs
q-u-a-n3 has quit [Read error: Connection reset by peer]
sim590 has quit [Ping timeout: 248 seconds]
is_null has quit [Ping timeout: 246 seconds]
q-u-a-n2 has joined #ipfs
Lymkwi has quit [Read error: Connection reset by peer]
Lymkwi has joined #ipfs
is_null has joined #ipfs
Jesin has quit [Quit: Leaving]
q-u-a-n2 has quit [Remote host closed the connection]
q-u-a-n2 has joined #ipfs
abhiyerra has joined #ipfs
Newami has joined #ipfs
mateusbs17 is now known as mateusbs17|brb
polman has joined #ipfs
Jesin has joined #ipfs
sim590 has joined #ipfs
Jesin has quit [Remote host closed the connection]
toxync01 has joined #ipfs
toxync01- has quit [Ping timeout: 272 seconds]
Jesin has joined #ipfs
sim590 has quit [Ping timeout: 244 seconds]
Musk_Nakamoto has quit [Ping timeout: 258 seconds]
DavidPH has quit [Remote host closed the connection]
nickmane has joined #ipfs
nickmane has quit [Client Quit]
kivutar has quit [Ping timeout: 246 seconds]
stoopkid has joined #ipfs
chiui has quit [Ping timeout: 248 seconds]
kivutar has joined #ipfs
sim590 has joined #ipfs
pecastro has joined #ipfs
nast has joined #ipfs
Musk_Nakamoto has joined #ipfs
q-u-a-n2 has quit [Remote host closed the connection]
kgrandly is now known as KGrandly
is_null has quit [Ping timeout: 272 seconds]
is_null has joined #ipfs
Fessus has quit [Ping timeout: 272 seconds]
Smashnet has quit [Remote host closed the connection]
Fessus has joined #ipfs
Fessus has quit [Client Quit]
nast has quit [Quit: Leaving]
ericronne[m] has joined #ipfs
polman has quit [Ping timeout: 248 seconds]
polman has joined #ipfs
<postables1337[m]>
can't you host your website with cloudflare via IPFS?
mateusbs17|brb is now known as mateusbs17
ezeql has quit [Quit: Leaving]
k___ has joined #ipfs
k___ has quit [K-Lined]
TrUsT_n1 has joined #ipfs
k___ has joined #ipfs
k___ has quit [Excess Flood]
<TrUsT_n1>
I have a few questions about how the high water mark for peers works.
Tiez has quit [Quit: WeeChat 2.4]
<TrUsT_n1>
I have a high water mark set but, the daemon does not follow it.
k___ has joined #ipfs
k___ has quit [Excess Flood]
k___ has joined #ipfs
k___ has quit [Excess Flood]
k___ has joined #ipfs
k___ has quit [Excess Flood]
KGrandly has quit [Changing host]
KGrandly has joined #ipfs
sim590 has quit [Ping timeout: 246 seconds]
sim590 has joined #ipfs
plexigras has joined #ipfs
brianhoffman has quit [Ping timeout: 268 seconds]
<jon1012>
yeah, so that solution wouldn't work :/
ZaZ has joined #ipfs
sim590 has quit [Ping timeout: 248 seconds]
redfish has quit [Ping timeout: 252 seconds]
sim590 has joined #ipfs
<Atmos[m]>
postables#1337: why would u trust cf
<Atmos[m]>
you're slightly runiing the point of decentralization by adding a cdn that have improper way to do it job
<Atmos[m]>
like MITM
merethan has quit [Remote host closed the connection]
<Atmos[m]>
Well i gotta thanks the large amount of cf users for making my pentesting day basis easier
<Atmos[m]>
no one ever spoofed an headers
<Atmos[m]>
or grabbed a parent cookies lol
redfish has joined #ipfs
espadrine_ has joined #ipfs
jonnycrunch has joined #ipfs
TrUsT_n1 has quit [Remote host closed the connection]
ZaZ has quit [Read error: Connection reset by peer]
matt-h has quit [Ping timeout: 252 seconds]
italoacasas has joined #ipfs
matt-h has joined #ipfs
kapilp has quit [Quit: Connection closed for inactivity]
woss_io has joined #ipfs
zeden has quit [Quit: WeeChat 2.4]
<postables1337[m]>
@Atmos: I don't personally use cf but my response was to someone that asked a question about finding out the peerID of cloudflaree nodes
djdv has quit [Quit: brb ONT issues]
<Swedneck>
you're not really ruining the decentralization by using CF
<Swedneck>
people not using ipfs-companion will still need a gateway, so that's gonna centralize things no matter what you do
<Swedneck>
at most you can use a load balancer, but then you're still routed through one single load balancer
djdv has joined #ipfs
zutt has joined #ipfs
fauno has quit [Ping timeout: 246 seconds]
<Atmos[m]>
swedneck: i mean it's my personal biased opinions, but if you're alike and doing it for privacy
<Atmos[m]>
freedom, ur giving power back to cloud computing
<Atmos[m]>
I would compare it to giving a vegan speech while eating a steak
<Atmos[m]>
anyway, cf is slightly stupid when i have a scopes with it to pentest
<Atmos[m]>
i just register a box same geolocations, cf append by geolocations at this momnt u already have a huge chance to have the same shared certs, if thats what hes using
<mburns[m]>
Hi All, I'm going to be temporarily setting https://discuss.ipfs.io/ to read-only to backup and migrate the data to a newer server. The migration requires Discourse to flip a switch (and dns to propogate). So while it should be fast, I'm not entirely sure if that is minutes or tens of minutes or an hour+.
<Atmos[m]>
but thats not the problem, the problem is that ur site , most likekly will listen any request from anyone if it pretend to be CF
<Atmos[m]>
There is numerous PoC about this
ctOS has quit [Quit: Connection closed for inactivity]
<Atmos[m]>
a mitm that force ur site not to verify x-forwarded thats genius !
spinza has quit [Quit: Coyote finally caught up with me...]
nast has joined #ipfs
spinza has joined #ipfs
pecastro has quit [Ping timeout: 246 seconds]
woss_io has quit [Ping timeout: 272 seconds]
abhiyerra has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Fessus has joined #ipfs
nast has quit [Quit: Leaving]
Musk_Nakamoto has quit [Read error: Connection reset by peer]
italoacasas has quit [Quit: italoacasas]
<xelra>
Kubuxu: Can I ask you something about private networks? Now that ipfs-cluster is a thing, I wanted to check out whether I can set ipfs up for my family network. I'm not exactly sure what swarm.key does though. Can I be absolutely sure that by having a different swarm.key, no third-party will be able to connect to my swarm and that no data can leak? Even in the case someone would try to specifically connect to one of my nodes or my nodes try to connect to
<xelra>
the public swarm?
abhiyerra has joined #ipfs
Musk_Satoshi has joined #ipfs
vmx has quit [Remote host closed the connection]
Soo_Slow has quit [Remote host closed the connection]
q-u-a-n2 has joined #ipfs
<xelra>
For example, let's say one node of the cluster (with all the data present), would delete their .ipfs directory. Then to "fix" it run `ipfs init` and just start the daemon. Now with no swarm.key present and also all of the default bootstrap nodes in the config again, wouldn't the data be available to the public?
xcm has quit [Remote host closed the connection]
<xelra>
That's a typical scenario of user error that comes to mind.
xcm has joined #ipfs
<postables1337[m]>
Xelra: You can't be absolutely sure since it is entirely possible for someone to generate the same swarm key although thats probably pretty unlikely, or you could be using a bad source of randomness when you generate the key. I don't think there's any kind of rate-limiting or auto blacklisting of nodes attempting to join your private network but present an incorrect swarm key. So if someone on the internet has access
<postables1337[m]>
to the swarm port, then i believe they can still try to bruteforce the swarm key.
<postables1337[m]>
If you're running a private network, I wouldn't directly expose access to the swarm port in a manner capable of access by anyone on the internet. You can run your private network overtop an IPSec VPN for some additional security.
<xelra>
I see. Hmm. That doesn't sound very enticing. I was hoping for some proper ssh-level security.
<aschmahmann[m]>
xelra I don't think postables#1337 has indicated the security would be any worse than a publicly exposed ssh tunnel since the attacks mentioned are all about the randomness of the generated key.
gchristensen has joined #ipfs
<aschmahmann[m]>
however, your points about user error and generally the mixing of private and public networks certainly seem reasonable
<xelra>
I was always wondering why this feature isn't higher up on the priority list. It's not just for people that want to run entirely private networks and replace Syncthing, Dropbox, Seafile or Owncloud. It's also an important feature for anyone who wants to separate and use ipfs for an intra- and internet. Like a data center that runs a cluster in the center, but only allows one rack to actually connect to the public swarm.
<gchristensen>
Hello, I ran an ipfs node for like half an hour about 20 days ago. I have since had a lot of attempted connections over port 4001. For example, over the last 24 hours, ~80,000 unique IPs have tried to connect to my server over port 4001 a total of ~325,000 times. is there a way to indicate to the network that my node isn't coming back online? :P
<xelra>
Or in an "inter-planetary" setup, where you wouldn't want every client on Mars to connect to earth, but have a separate swarm for the colony and only the one uplink laser connect to the public swarm on Earth.
<xelra>
Well, it's sci-fi, but it's actually in the name of ipfs.
spinza has quit [Quit: Coyote finally caught up with me...]
<hsanjuan>
xelra: the swarm key should be secure enough to fully isolate the network. It's salsa20 stream cypher
<postables1337[m]>
aschmahmann: that's a good point
<hsanjuan>
xelra: if your swarm.key is unique, attempts to connect to your nodes or attempts from other nodes to connect to you simply fail because they don't speak the cypher
<xelra>
I see. That's good. But the user-error part is still a concern. Since the private network is set up as an "opt-out" solution, the risk for data leaks through user or configuration errors is very high.
<hsanjuan>
you mean, a user who was part of the network re-configuring their daemons to join the public network afterwards ? yeah.. but if you have that worry you can wrap or recompile go-ipfs to not start without a secret
spinza has joined #ipfs
<xelra>
Also, shouldn't the config be moved from ~/.ipfs to ~/.config/ipfs ?
<xelra>
Legacy software like vim does it, but I think new apps should follow the new rules.
<Swedneck>
<xelra "Or in an "inter-planetary" setup"> why would you want separate swarms for the 2 planets?
<Swedneck>
the only upside to that i can see is making sure IPNS stuff doesn't get confused, but that should just be fixed so it can't get confused
<xelra>
Well, with just a single uplink present it doesn't matter. But there's a number of reasons why the sysadmin would like to have control over traffic flow.
<xelra>
Let's say there's another colony on Ganymede and they have their own uplink. But their uplink is a million times slower. The sysadmin wouldn't be able to restrict the Mars colony from saturating Ganymede's Earth-uplink. Which could have catastrophic consequences.
<hsanjuan>
xelra: ¯\_(ツ)_/¯ I think it would have been great if ~/.config/ipfs had been chosen at the beginning, now I don't think it will be changed. But IPFS_PATH can be used to change that.. and distributions can easily patch it anyway in their packages if this is a thing. But note that to be fully compliant, config would have to go to `~/.ipfs/config/ipfs` and the blockstore etc to `~/.local/share/ipfs`
<xelra>
Swedneck: The same applies to a lot of other scenarios, for example where metered connections are in play.
<xelra>
For example if you have your own WiFi network in place, but many participants also have metered connections. Now you could serve them ipfs via that one hub that is connected via fiber and distribute into the private network via WiFi. While at the same time all the nodes would still be able to use their 4G connections, without worrying.
<xelra>
Such scenarios apply especially to those regions that could profit the most from ipfs. Remote regions and regions in developing countries.
<aschmahmann[m]>
xelra: I feel like you're combining privacy and priority into the same problem. Yes, you could use linking of various private networks to help slice up your network and create a priority hierarchy. Alternatively, you could just work on the priority problem by detecting which connections are expensive (4G vs Wifi), which nodes have more bandwidth available, and which nodes you just need to connect to because they have
<aschmahmann[m]>
rare content only available over the expensive network.
<gchristensen>
I'm looking for a description of the protocol -- is there one handy?
<aschmahmann[m]>
this is related to how libp2p's connectionmanager tries to figure out which connections to keep alive and which to drop. If you're interested in those problems I'm sure that they'd appreciate the help
<xelra>
I don't think sysadmins will accept this. That the system or the user gets to decide. Because they build the infrastructure and they want control over it.
<DarkDrgn2k[m]>
for those intrested - DWEB meetup (our networks) currently streaming over IPFS live 🙂 https://live.mesh.world/
RamRanRa has quit [Read error: Connection reset by peer]
<postables1337[m]>
It's probably not a good idea to let untrusted parties use your private network at this point in time
plexigras has quit [Ping timeout: 248 seconds]
<aschmahmann[m]>
xelra: accept what? if you wanted to manually (or perhaps with some preconfigured plugin) manipulate how important/valuable connections are you are free to do so.
mmuller has quit [Ping timeout: 244 seconds]
<aschmahmann[m]>
postables#1337: I think that's probably a general statement for all time (i.e. not just now). If you insist on a network being private and then you let an untrusted party exfiltrate data you're going to be in for a bad time.
mmuller has joined #ipfs
<postables1337[m]>
@aschmahmann: that's true. Although in theory if you had a plugin to handle encryption of the data and a way to create revocable swarm keys it might be easier to handle situations like having someone that's able to exfiltrate the data
<xelra>
^^ this
ygrek has quit [Ping timeout: 246 seconds]
<Swedneck>
i'm confused, why wouldn't sysadmins be able to control traffic going through their hardware?
<Swedneck>
how could IPFS ever force traffic through the single uplink?
rainmanj_ has joined #ipfs
<xelra>
I just think that ipfs needs additional security models. Because as soon as you go online, you start broadcasting. So everyone is aware of you. There's a significant likelyhood that if you had private data in the blockstore, it's leaked. Whereas in a traditional setup, you're likely safe, even if it just happened by accident.
rainmanjam has quit [Ping timeout: 257 seconds]
<xelra>
Swedneck: It's like a lake that wants to spill everywhere. If you just contain it on a hardware level, as soon as someone installs another uplink in your datacenter, every server would try to communicate through that additional link.
<xelra>
If you're unlucky, it could cost you millions. Just because of an uncareful employee.
rainmanjam has joined #ipfs
<xelra>
You need the servers in your data center to be on a private swarm to avoid such risks.
Newami has quit [Read error: Connection reset by peer]
rainmanj_ has quit [Ping timeout: 250 seconds]
<aschmahmann[m]>
xelra: even more than that my understanding is that current data centers that contain sensitive information are largely sealed off from the internet at large. Given that you're doing that you may as well use a private swarm just to be safe.
Musk_Satoshi has quit [Read error: Connection reset by peer]
<aschmahmann[m]>
If an employee is allowed to install a hardware device that bridges the local private network and the global public network. As long as data can be requested through the bridge then you have an exfiltration risk.
<aschmahmann[m]>
Yes, p2p applications have more "upload" and it is designed to try and make data available to people who request it. However, you haven't changed the quality of the issue just the quantity. The threat models aren't really any different, you just may have to be more careful in your setup. Note that the only way you can get data out of IPFS/IPNS is if it is directly requested from you by a hash which means the exfiltrator
<aschmahmann[m]>
needs to know the hashes of all the data it is looking for which is non-trivial by itself.
<xelra>
Yes, that's why I said I thought it was odd that the private network features weren't more of a first-class topic. I think that many sysadmins would like to move ipfs into production, especially as a DFS replacement. It's a really good protocol and very well suited for things like Wikipedia or Sourceforge. But the data-leak concerns and "uncontrolability" are show-stoppers for many scenarios.
<xelra>
^^ response to xx:38
Musk_Satoshi has joined #ipfs
espadrine_ has quit [Ping timeout: 258 seconds]
<aschmahmann[m]>
perhaps. the ordering of which problems to tackle first is always difficult given that resources are finite. If you're curious as to what/why the IPFS team is prioritizing as they are there are some useful resources at https://github.com/ipfs/team-mgmt and in the roadmap linked from there. As always, the more help the merrier so if you have time to implement improvements or even some thought out suggestions they'd be
<aschmahmann[m]>
great to see.
toxync01 has quit [Ping timeout: 258 seconds]
toxync01 has joined #ipfs
<xelra>
I don't want to complain. ipfs is great. Maybe I'm just a bit impatient, because I had specific scenarios in mind, for use-cases, which all require high levels of data security. Been here from the very beginning. First talks. Waiting (and discussing - lately not so much). ;)
<xelra>
I mean, if ipfs can be used for patient data in HIPAA compliance, then I'll shut up. :)