========================================== Tahoe-LAFS Weekly News, issue number 3 ========================================== Welcome to the Tahoe-LAFS Weekly News (TWN) brought to you by Patrick McDonald, scribe and Zooko Wilcox-O'Hearn. Tahoe-LAFS_ is a secure, distributed storage system. This edition is also available here_. If you wish to subscribe via email, please go to the `mailing list`_ page. .. _Tahoe-LAFS: http://tahoe-lafs.org .. _here: http://tahoe-lafs.org/~zooko/TWN3.html .. _`mailing list`: http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news Announcements and News ====================== The First International Tahoe Summit is coming up soon. It starts the 27th of June. Below is the schedule for the Summit: * Monday meet the developers, etc. ask questions, invite Noisebridgers * Tuesday for all day deep dive on design with Brian * Wed, Thu work on what we got excited about on Tuesday * Brian either cancel Movie Night or we all go to Movie Night Nathan announced the Summit Grid Creation Party will be held at Noisebridge during the Summit. More details regarding the party can be found in this email_. Kevan made continued progress with MDMF. In particular, he made progess exposing MDMF dirs in the web API. The web user interface (WUI) and the CLI are next. .. _email: http://tahoe-lafs.org/pipermail/tahoe-dev/2011-June/006458.html Interview with the Developers ============================= This is quickly becoming my favorite section to write for the TWN. While lurking in #tahoe-lafs is a great way to learn a good deal about all assortments of topics, these interviews with the devs have taught me all kinds of things about the code which is Tahoe, but also about the people, ideas and the motivations behind it. I hope these interviews help make you as passionate about the project as it has made me. This week it was my pleasure to interview Peter Secor. Peter is the fomer President and CEO of Allmydata, Inc. and is the volunteer director for Tahoe-LAFS. Peter is currently working repairing the old prodcution grid from allmydata.com and later moving the grid to S3. If you are interested in helping to repair the grid, please contact Peter. Patrick: Give me a little introduction about yourself, tell me a bit about who you are. Peter: UC Berkeley undergraduate degree in applied mathematics with lots of computer science classes, worked for a bit in hardware/software integration, grad school at NYU in applied math, dropped out to help start up a network management software company, sold that, helped start Allmydata to provide secure storage to consumers and enterprises. I've lived in California, New York, Paris, Brussels. Patrick: Wow, that's pretty impressive. So how did you come to develop for Tahoe-LAFS? Peter: I was at Allmydata and we made the decision to develop the core software as an open source project. We went to Lake Tahoe for an off-site to design the next generation distributed, encrypted storage system. Thus Tahoe was born. Zooko and Warner were there along with a few other people. Patrick: Being one of the founders of Tahoe, what is your favorite memory of the project? Peter: My favorite memory so far, hmm b& thinking. Ah, I know, my favorite memories are of the hack-parties we threw at the Allmydata offices. We used to throw hack parties every time Zooko came out to the Bay Area. Allmydata would buy food and drinks, and we'd invite people over for a small presentation on something interesting, and then try to solve some problems. Patrick: Sounds like a good deal of fun. Peter: Yes, and we also fixed a lot of bugs or found a vulnerability. Patrick: So the next big feature is MDMF due in 1.9.0. What feature or features would you like to see in upcoming versions? Peter: I would like to see the newly open-sourced javascript UI cleaned up so that it can work by being served up by a grid. It would be a great example of an unhosted app, and very useful for managing files on the grid. I had it mostly working that way a couple years ago, but there has been bit-rot. Patrick: That is webdrive, correct? Peter: Correct. Patrick: Any words of wisdom for developers looking to join the Tahoe team? Peter: It's a good way to learn about Python, crypto, capability models, or all of them at the same time! Patrick: Where do you see Tahoe headed in the future? One year from now, what is new in Tahoe? Peter: There are a couple operational things and a couple functional things. I'm looking forward to the MDMF on the functional side, and a year from now I'd like to see some sort of accounting built-in. On the operational side, I'd like to have the website and build master no longer dependent upon a single box in my garage and migrated to virtual infrastructure. I'd also like to see the foundation get more funding support from outside sources, so that's something I'll take on. Patrick: As the volunteer director, what efforts can you talk which looking to raise funds for Tahoe? Peter: So, in order to raise funds, I'm talking to a few larger companies (like Google, Adobe, etc) and also to a few other smaller, niche companies that are interested in this area. We've been sponsored by Google Summer of Code a couple times, but I'd like to get something more permanent. Patrick: How do you like working the "suit" side of the project as opposed to the coder portion? Peter: I'm not a great coder, more of an integrator/prototyper, so working the funding side is fine for me if it's a good cause. I think Tahoe-LAFS is important in a few ways, one of which is being able to provide a solution that allows you to store files across corporate infrastructures without having to divulge the content. That gives a lot of power to the end user as they can continue to own their data and privacy. Patrick: Thank you very much for your time. This has been a fantastic interview. Peter: Adios Bug of the week =============== In a bit of shameless self promotion, the bug of the week is 1416_. This bug covers the TWN template. Please do not just think of it as template bug. Please provide information on things you would like to see, things you would like to see go. Use it as a forum to provide us with much needed feedback. Help me, help you. In all seriousness, the ticket of the week is 796_, write-only backup caps. Below is a direct quote from Zooko on why this ticket received his nomination. "The reason that I'm thinking of this is Bitcoin. I'm pretty excited about Bitcoin, and I read the sad story of a Bitcoin user whose value was stored on his computer in his wallet.dat file, and someone stole that file and transferred all of his Bitcoins to themselves. At current market rates, that was USD 500,000 worth! http://forum.bitcoin.org/index.php?topic=16457.0 Now if you use symmetric encryption on your wallet.dat file then this does *not* protect you from malware which is running on your computer about Bitcoin, and I read the sad story of a Bitcoin user whose value was stored on his computer in his wallet.dat file, and someone stole that file and transferred all of his Bitcoins to themselves. At current market rates, that was USD 500,000 worth! http://forum.bitcoin.org/index.php?topic=16457.0 Now if you use symmetric encryption on your wallet.dat file then this does *not* protect you from malware which is running on your computer [*]. Such malware can do whatever you can do, so if you can symmetrically encrypt and decrypt your wallet (in order to, for example, store more money in a symmetrically encrypted wallet) then that allows the attacker to do the same and steal all your money. It is like a lockbox that you have to open to put more cash in. But if you open it, the attacker can steal everything from inside it. On the other hand, public key encryption does not have the same property. You can encrypt your b without having, on that same computer, the ability to decrypt it, because your private key which is necessary for decryption is stored somewhere else and you access it rarely and carefully. This is more like a "piggy bank". A very strong piggy bank. How about: it is like a piggy-bank-shaped safe that has a little slot on top into which you can drop coins, but which cannot be opened without the key/combination. Some people currently protect their Bitcoin wallet by encrypting it with gpg and then backing up the encrypted copy to a remote site. This accomplishes the "piggy bank safe" scenario. Perfect! Except that most people don't do it, because they don't know how to use gpg. The Bitcoin developers are apparently working on adding symmetric encryption to the official client. That would be the lockbox scenario. In my opinion this is near-useless and may actually harm people by giving them a false sense of security. So, it would be cool, not only for Bitcoin wallets but also for all other sorts of backups, if you had a "write-only capability", which implements public key encryption just like the GPG scenario above, but integrated into your Tahoe-LAFS filesystem and your automated Tahoe-LAFS-based backups. This is the subject of 796_." .. _1416: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1416 .. _796: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/796 -- ---------------------------------------------------------------- | Patrick R. McDonald GPG Key: 668AA5DF | | https://www.antagonism.org/ <marlowe@antagonism.org> | | <mcdonald.patrick.r@gmail.com> | | <patrick@opensecurityfoundation.org> | ---------------------------------------------------------------- | Malo periculosam libertatem quam quietum servitium | ---------------------------------------------------------------- _______________________________________________ tahoe-lafs-weekly-news mailing list tahoe-lafs-weekly-news@tahoe-lafs.org http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE