How can I run Tahoe-LAFS on one computer

2013-11-12 Thread xiao_s_yuan 
I want to know can I put the client,storage,introducer on one computer with 
ubuntu,I tried to do this but find that only one .tahoe can exist under the 
/root folder,but every client or storage  must have a folder like .tahoe,so 
how can I run tahoe-LAFS on only one computer___
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

Re: How can I run Tahoe-LAFS on one computer

2013-11-12 Thread Ed Kapitein 
On Tue, 2013-11-12 at 16:03 +0800, xiao_s_yuan wrote:
 I want to know can I put the client,storage,introducer on one computer
 with ubuntu,I tried to do this but find that only one .tahoe can
 exist under the /root folder,but every client or storage  must have a
 folder like .tahoe,so how can I run tahoe-LAFS on only one computer

Hi xiao,

I successfully did that once by using different users for the introducer
and the storage server.
So run the introducer as user1 and run the main tahoe process as user2.


Kind regards,
Ed


___
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

Re: How can I run Tahoe-LAFS on one computer

2013-11-12 Thread Leif Ryge 
On Tue, Nov 12, 2013 at 09:24:18AM +0100, Ed Kapitein wrote:
 On Tue, 2013-11-12 at 16:03 +0800, xiao_s_yuan wrote:
  I want to know can I put the client,storage,introducer on one computer
  with ubuntu,I tried to do this but find that only one .tahoe can
  exist under the /root folder,but every client or storage  must have a
  folder like .tahoe,so how can I run tahoe-LAFS on only one computer
 
 Hi xiao,
 
 I successfully did that once by using different users for the introducer
 and the storage server.
 So run the introducer as user1 and run the main tahoe process as user2.
 
 
 Kind regards,
 Ed

The tahoe create-{client,node,introducer} and {start,stop,restart} commands all
accept an optional directory argument which can be used instead of the default
~/.tahoe directory.

Here are two different scripts which each automate the creation of local grids
for testing purposes:

https://github.com/nejucomo/lafs-giab
https://github.com/leif/tahoe-lafs/blob/truckee/quickgrid.sh

~leif


signature.asc
Description: Digital signature
___
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

Re: How can I run Tahoe-LAFS on one computer

2013-11-12 Thread str4d 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

You can create Tahoe nodes anywhere and run multiple nodes under a
single user. If you don't specify a node location, the default
location is used (~/.tahoe/). But you can also specify a node directory:

$ tahoe create-client ~/.tahoe-client
$ tahoe create-introducer ~/.tahoe/introducer
$ tahoe start -d ~/.tahoe-client
$ tahoe start --node-directory=/home/user/.tahoe/introducer

(Some commands support appending the node directory. All commands IIRC
support -d, --node-directory= )

str4d

On 11/12/2013 09:24 PM, Ed Kapitein wrote:
 On Tue, 2013-11-12 at 16:03 +0800, xiao_s_yuan wrote:
 I want to know can I put the client,storage,introducer on one
 computer with ubuntu,I tried to do this but find that only one
 .tahoe can exist under the /root folder,but every client or
 storage  must have a folder like .tahoe,so how can I run
 tahoe-LAFS on only one computer
 
 Hi xiao,
 
 I successfully did that once by using different users for the
 introducer and the storage server. So run the introducer as user1
 and run the main tahoe process as user2.
 
 
 Kind regards, Ed
 
 
 ___ tahoe-dev mailing
 list tahoe-dev@tahoe-lafs.org 
 https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBCgAGBQJSggu8AAoJENXeOJaUpGWyrtAH/3+Xb0zp75Si1RDRFc/SHrMJ
tlMDLMG2Nf8MLN9BMYRtCxJXWPihIisBAEv8dGOR4MNk1Czmn6EJsDOSe0BXLVBp
vLa3alpudNCbfpLXgjt2w2CkmlMmAQpZCEBHGEibSuJEMgDBYScmQV6kT7kkVsnR
cMAo6VfthkDi1MJPkx5Hsfl6TzROWiw6ditWKf2wau3lQWmkZcIptrFjwxaDmc8l
zHSszya5IvzHclFRdVRIN2RHZeOgkZx8stu5kDobe94T8oRoWDsMyXXQiyLetnkM
eO1SNpq2Yh0glYtcK/ksx+9Vqwc8kpJMz6/H/+sjRjEjfsWx/7wV0QTde6AgZpQ=
=JDK4
-END PGP SIGNATURE-
___
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

the new 2014 Add-Only Sets

2013-11-12 Thread Zooko O'Whielacronx 
Folks:

(This is a copy of
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/795#comment:13 .)

Here's my rendition of our discussion of add-only sets at the Tahoe-LAFS
Summit today. (As usual, I altered and embellished this story significantly
while writing it down, and people who were present to witness the original
discussion are invited to chime in.)

An add-only cap doesn't have to also be a write-only cap. It might be good
for some use cases that you can give someone a cap that lets them read the
whole set, and add elements into the set, without letting them remove
elements or change previously-added elements. It might be good in some
*other* use cases to have an add-onlywrite-only cap, which allows you to
add elements into the set but doesn't let you read elements of the set, nor
remove nor change previously-added elements. We agreed to focus on the
former case for now, because it is easier to design and implement a
solution to it. (See
#796https://tahoe-lafs.org/trac/tahoe-lafs/ticket/796for discussion
of write-only caps.)

We agreed to forget about erasure-coding, which makes an already-confusing
problem (how to implement add-only sets without allowing a few malicious
servers, adders, or set-repairers to perform *rollback attack* or *selection
attack*), into a *very*-confusing problem that exceeded my brain's ability
to grapple with it.

So, for now, assume that add-only sets don't use erasure-coding at all.

Now, the basic design we came up with is like this. I'll explain it in
multiple passes of successive refinement of the design.
FIRST PASS: DESIGN 0

An authorized adder (someone who holds an add-cap) can generate elements,
which are bytestrings that can be added into the set. (I mispronounced
elements as elephants at one point, and from that point forward the
design was expressed in terms of a circus act involving elephants.)

Elephants have an identity as well as a value (bytestring), so:

aos = DistributedSecureAddOnlySet()
aos.add_elephant(b\xFF*100)
aos.add_elephant(b\xFF*100)

results in aos containing *two* elephants, not one, even though each
elephant has the same value (the bytestring with one hundred 0xFF bytes in
it).

aos.add_elephant() generates a random 256-bit nonce to make this elephant
different from any other elephant with the same value. I call this putting
a tag on the elephant's ear — a tagged elephant is a value plus a nonce.
Even if two elephants are identical twins, they can be distinguished by the
unique nonce written on their ear-tags.

aos.add_elephant() then puts a digital signature on the tagged-elephant
(using the add-only-cap, which contains an Ed25519 private key), and sends
a copy of the tagged-elephant to every one of N different servers. Putting
a digital signature on a tagged-elephant is called wrapping a net around
it.

A reader downloads all the tagged-elephants from all the servers, checks
all the signatures, takes the union of the results, and returns the
resulting set of elephants.

Design A relies on *at least one* of the servers that you reach to save
you from rollback or selection attacks. Such a server does this by knowing,
and honestly serving up to you, a fresh and complete set of
tagged-elephants. “Rollback” is serving you a version of the set that
existed at some previous time, so the honest server giving you a copy of
the most recent set protects you from rollback attack. “Selection” is
omitting some elephants from the set, so the honest server giving you a
complete copy of the set protects you from selection attack.
SECOND PASS: DESIGN 1

We can extend Design 0 to make it harder for malicious servers to perform
selection attacks on readers, even when the reader doesn't reach an honest
server who has a complete copy of the most recent set.

The unnecessary vulnerability in Design 0 is that each tagged-elephant is
signed independently of the other tagged-elephants, so malicious servers
can deliver some tagged-elephants to a reader and withhold other
tagged-elephants, and the reader will accept the resulting set, thus
falling for a selection attack. To reduce this vulnerability, adders will
sign all of the *current* tagged-elephants along with their new
tagged-elephant with a single signature. More precisely, let the identity
of a tagged-elephant be the secure hash of the tagged-elephant (i.e. the
secure hash of the nonce concatenated with the value). The signature on a
new tagged-elephant covers the identity of that tagged-elephant,
concatenated with the identities of all extant tagged-elephants, under a
single signature. In circus terms, you add the new tagged-elephant into a
pile of tagged-elephants and throw a net over the entire pile, including
the new tagged-elephant.

Now, malicious servers can't omit any of the older tagged-elephants without
also omitting the new tagged-elephant. Readers will not accept the new
tagged-elephant unless they also have a copy of all of the other
tagged-elephants that were signed with the same