samizdat issueshttps://0xacab.org/rysiek/samizdat/-/issues2021-08-24T20:45:30Zhttps://0xacab.org/rysiek/samizdat/-/issues/78BitFrost + Samizdat?2021-08-24T20:45:30ZMichał "rysiek" WoźniakBitFrost + Samizdat?This seems very on-topic: https://www.qurium.org/bifrost/
Sounds like something that could be the backing-store for Samizdat. Or, put differently, sounds like something that could benefit from Samizdat automagically fetching data from B...This seems very on-topic: https://www.qurium.org/bifrost/
Sounds like something that could be the backing-store for Samizdat. Or, put differently, sounds like something that could benefit from Samizdat automagically fetching data from BotFrost if the origin site is blocked.Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/77Investigate JMAP as a potential transport plugin2021-04-06T17:40:09ZMichał "rysiek" WoźniakInvestigate JMAP as a potential transport plugin[JMAP](https://jmap.io/) is a thing, works in the browser, and could allow Samizdat to use JMAP-enabled mail hosts as transports. Question is, does anyone actually use it?..[JMAP](https://jmap.io/) is a thing, works in the browser, and could allow Samizdat to use JMAP-enabled mail hosts as transports. Question is, does anyone actually use it?..Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/76Other work in the area2020-12-29T22:58:24ZMichał "rysiek" WoźniakOther work in the areaThis issue will gather links to similar projects or related developments.This issue will gather links to similar projects or related developments.https://0xacab.org/rysiek/samizdat/-/issues/75Potential plugin: cjdns2020-10-19T23:35:24ZMichał "rysiek" WoźniakPotential plugin: cjdnsPotentially, [`cjdns`](https://github.com/cjdelisle/cjdns) could be an interesting transport plugin tech. Pros include public-key routing and an active large network of nodes ([Hyperboria](https://hyperboria.net/)).Potentially, [`cjdns`](https://github.com/cjdelisle/cjdns) could be an interesting transport plugin tech. Pros include public-key routing and an active large network of nodes ([Hyperboria](https://hyperboria.net/)).https://0xacab.org/rysiek/samizdat/-/issues/74Censorship-circumvention for the config2020-10-05T17:53:41ZMichał "rysiek" WoźniakCensorship-circumvention for the configCurrently, all config options are kept in `config.js` and imported directly in `service-worker.js`, which means it's considered a part of the Service Worker by the browser and only allowed to update via direct HTTPS `fetch()`.
We need t...Currently, all config options are kept in `config.js` and imported directly in `service-worker.js`, which means it's considered a part of the Service Worker by the browser and only allowed to update via direct HTTPS `fetch()`.
We need to be able to fetch updated config settings (by fetching `config.js` or via some other means) and update the Service Worker configuration using it. This probably requires going through the cache, and storing *specific config options* there.
Not all config options can be meaningfully changed this way, however. For example, the set of JS files (and thus, plugins) that is loaded by the Service Worker cannot change without a direct HTTPS `fetch()` (which is a limitation imposed by the API specs); if implemented right, their order could be different, however. This could create a situation where a new config requires loading of files that have not been loaded and breaks Samizdat for someone for whom the original site is blocked.
tl;dr this is trickyMichał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/73Make it possible to explicitly configure each plugin when loading2020-09-29T22:37:11ZMichał "rysiek" WoźniakMake it possible to explicitly configure each plugin when loadingCurrently a plugin file gets loaded and a plugin immediately instantiated, with a hard-coded `SamizdatConfig` path (based on plugin name) used for config. This needs to change.
This is relevant for #72Currently a plugin file gets loaded and a plugin immediately instantiated, with a hard-coded `SamizdatConfig` path (based on plugin name) used for config. This needs to change.
This is relevant for #72Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/72Allow loading the same plugin multiple times with different config2020-10-04T00:48:07ZMichał "rysiek" WoźniakAllow loading the same plugin multiple times with different configWe need a way to load the same plugin multiple times with different configs. For instance, we might want to try using a few different IPNS identities, or different HTTPS gateways, etc.
This is also relevant for #70.We need a way to load the same plugin multiple times with different configs. For instance, we might want to try using a few different IPNS identities, or different HTTPS gateways, etc.
This is also relevant for #70.Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/68Split the CI/CD pipeline into separate stages/jobs2020-09-21T23:57:57ZMichał "rysiek" WoźniakSplit the CI/CD pipeline into separate stages/jobsCurrently we have the whole of deployment and publishing as a single job. That's not helping as far as fixing issues is concerned (debugging a problem somewhere down the line requires a full run).
Separating it into jobs also means thin...Currently we have the whole of deployment and publishing as a single job. That's not helping as far as fixing issues is concerned (debugging a problem somewhere down the line requires a full run).
Separating it into jobs also means things could happen simultaneously (for instance, Gun and IPNS updates).BetaMichał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/66Consider implementing means of detecting content deployed by an adversary2020-09-23T02:04:06ZMichał "rysiek" WoźniakConsider implementing means of detecting content deployed by an adversaryCurrently Samizdat is unable to notice if, for whatever reason, content returned by any transport plugin (`fetch`, or any other that does not inherently provide end-to-end verification of content) is has been maliciously modified.
**Sc...Currently Samizdat is unable to notice if, for whatever reason, content returned by any transport plugin (`fetch`, or any other that does not inherently provide end-to-end verification of content) is has been maliciously modified.
**Scenario 1:**
1. Website is deployed with Samizdat in the current default configuration (`fetch`->`cache`->`gun+ipfs`).
1. An adversary takes over the original domain, and deploys a new SSL certificate
1. The adversary then deploys their own versions of some content (`index.html`, for example)
1. When a user visits the site, `fetch` succeeds and the adversary-controlled `index.html` is displayed; alternative transports are not ever used for that file.
**Scenario 2:**
1. Website is deployed with Samizdat configured to pull content from Google Drive as an alternative endpoint, in case original website is unavailable.
1. An adversary gains access to the Google Drive folder by whatever means and modifies content.
1. Then, the adversary blocks the original domain.
1. Content modified by the adversary is now served to users.
This *could* be mitigated to some extent with some for of content signing, at least for HTML/CSS/JS, but at a cost of added complexity. Perhaps it could be implemented as an optional plugin, which would wrap any other plugin, and verify the content signature against a known public key of some sort. If the signature does not match (or is absent), throw an error.
The signature could be added as a comment in the last line of text-based files, for example. Headers won't work, since in case of most plugins there is no way to control the headers.https://0xacab.org/rysiek/samizdat/-/issues/63Pure Gun transport plugin?2020-09-16T23:18:08ZMichał "rysiek" WoźniakPure Gun transport plugin?Seems like it should be possible to have a pure Gun transport plugin:
>>>
Michał Woźniak
@rysiekpl_gitlab
Sep 15 22:43
>> @rysiekpl_gitlab I've synced even video files as big as 30MB, and part of the goal of the new version is to see ho...Seems like it should be possible to have a pure Gun transport plugin:
>>>
Michał Woźniak
@rysiekpl_gitlab
Sep 15 22:43
>> @rysiekpl_gitlab I've synced even video files as big as 30MB, and part of the goal of the new version is to see how far I can push this limit ( @QVDev at one point was near live-streaming video across 4G) if you wanna help with the Infinity Scroll test... once that is passing I want to apply it to video.
>
> Right. When you say "synced", how exactly? I assume not using put(), right? Is there some API I am missing?
gunchatbridge
@gunchatbridge
22:06
> [D] marknadal: <@!105969993933422592>
> @rysiekpl_gitlab yes using .put( 😛 not saying it was the best idea but works to some extent and I'm trying to make it better over time. https://github.com/amark/gun/blob/master/examples/basic/upload.html
>>>
Not sure how useful that would be. Gun still does not have a public node network, and is still rather... unstable.https://0xacab.org/rysiek/samizdat/-/issues/57Automated tests for the Service Worker and front-end2020-09-08T14:02:58ZMichał "rysiek" WoźniakAutomated tests for the Service Worker and front-endWe should really have some automated testing framework for the Service Worker code and the front-end stuff.We should really have some automated testing framework for the Service Worker code and the front-end stuff.https://0xacab.org/rysiek/samizdat/-/issues/56Automated tests for the CLI2020-09-08T19:36:11ZMichał "rysiek" WoźniakAutomated tests for the CLIWe really should have some automated testing framework for the CLI.We really should have some automated testing framework for the CLI.https://0xacab.org/rysiek/samizdat/-/issues/55CLI: Gun user deletion does not work2020-09-15T01:25:55ZMichał "rysiek" WoźniakCLI: Gun user deletion does not workPerhaps library versions need bumping.
```
user@personal:~/Projects/samizdat/samizdat-cli$ node . --debug gun-user-delete test test
Hello wonderful person! :) Thanks for using GUN, feel free to ask for help on https://gitter.im/amark/gu...Perhaps library versions need bumping.
```
user@personal:~/Projects/samizdat/samizdat-cli$ node . --debug gun-user-delete test test
Hello wonderful person! :) Thanks for using GUN, feel free to ask for help on https://gitter.im/amark/gun and ask StackOverflow questions tagged with 'gun'!
DEBUG :: setup_gun(): stub!
DEBUG :: setup_gun(): stub!
DEBUG :: pre-setup_gun
DEBUG :: setup_gun(): stub!
DEBUG :: post-setup_gun
DEBUG :: pre-promise; username: test
user.delete() IS DEPRECATED AND WILL BE MOVED TO A MODULE!!!
NO! Account must match! { '~WA925dtc3bnbsyNu8E4ujiBMOywcrO05iQE2MEABcF4.8wwDh6OYteDLs0TdPHAUR0rAMDR2_ykzYBgPnoAhVOM':
{ _:
{ '#':
'~WA925dtc3bnbsyNu8E4ujiBMOywcrO05iQE2MEABcF4.8wwDh6OYteDLs0TdPHAUR0rAMDR2_ykzYBgPnoAhVOM',
'>': [Object] },
pub: null } }
User 'test' successfully deleted.
Waiting for user deletion to propagate through the Gun network...
TypeError: Cannot read property 'm' of null
at Object.SEA.verify.SEA.verify (/home/user/Projects/samizdat/samizdat-cli/node_modules/gun/sea.js:443:33)
(node:23393) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'm' of null
at Object.SEA.verify.SEA.verify (/home/user/Projects/samizdat/samizdat-cli/node_modules/gun/sea.js:443:33)
(node:23393) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:23393) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
DEBUG :: +-- verifying user deletion propagated into the Gun network
DEBUG :: starting the confirmations-do-not-work timeout...
DEBUG :: +-- received data, user still exists
DEBUG :: pubkey: WA925dtc3bnbsyNu8E4ujiBMOywcrO05iQE2MEABcF4.8wwDh6OYteDLs0TdPHAUR0rAMDR2_ykzYBgPnoAhVOM
{ err: 'Error: No ACK received yet.', lack: true }
{ err: 'Error: No ACK received yet.', lack: true }
DEBUG :: confirmations-do-not-work timeout fired, exiting cleanly...
user@personal:~/Projects/samizdat/samizdat-cli$ node . --debug gun-user-pubkey test
Hello wonderful person! :) Thanks for using GUN, feel free to ask for help on https://gitter.im/amark/gun and ask StackOverflow questions tagged with 'gun'!
DEBUG :: gun_user_pubkey()
DEBUG :: pre-setup_gun
DEBUG :: setup_gun(): stub!
DEBUG :: post-setup_gun
DEBUG :: pre-promise; username: test
WA925dtc3bnbsyNu8E4ujiBMOywcrO05iQE2MEABcF4.8wwDh6OYteDLs0TdPHAUR0rAMDR2_ykzYBgPnoAhVOM
user@personal:~/Projects/samizdat/samizdat-cli$ node . --debug gun-user-pubkey test
Hello wonderful person! :) Thanks for using GUN, feel free to ask for help on https://gitter.im/amark/gun and ask StackOverflow questions tagged with 'gun'!
DEBUG :: gun_user_pubkey()
DEBUG :: pre-setup_gun
DEBUG :: setup_gun(): stub!
DEBUG :: post-setup_gun
DEBUG :: pre-promise; username: test
WA925dtc3bnbsyNu8E4ujiBMOywcrO05iQE2MEABcF4.8wwDh6OYteDLs0TdPHAUR0rAMDR2_ykzYBgPnoAhVOM
```BetaMichał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/53Add/improve live examples to better illustrate functionality2020-09-07T21:19:08ZMichał "rysiek" WoźniakAdd/improve live examples to better illustrate functionalityWe have [an example page](https://samizdat.is/example/) that only works after Samizdat is loaded (that is, after at least one visit to [the Samizdat site](https://samizdat.is/). This is useful, but can be improved upon:
- [ ] multiple d...We have [an example page](https://samizdat.is/example/) that only works after Samizdat is loaded (that is, after at least one visit to [the Samizdat site](https://samizdat.is/). This is useful, but can be improved upon:
- [ ] multiple different examples, showing how Samizdat behaves in different failure modes (depending on what we can simulate just with `nginx` configs, I guess)
- [ ] `404 Not Found`
- [ ] `500 Internal Server Error` and/or some other 50x errors
- [ ] blackholing the request (request accepted, no data returned, but connection not terminated, just hanging)
- [ ] response throttled down to a trickle (request accepted, but data returned so slow it's basically useless)
- [ ] example of `fetch()`-less Service Worker to demonstrate possible privacy gainMichał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/52What is max age samizdat can survive after blocking?2020-09-07T21:05:06Z0xf005ecWhat is max age samizdat can survive after blocking?Hi! Saw your presentation at HOPE and would like to contribute to this project.
The last time I checked this idea, it was non-viable due to 24h limit browsers put on service workers to avoid abuse (e.g. ransomware style attacks after hi...Hi! Saw your presentation at HOPE and would like to contribute to this project.
The last time I checked this idea, it was non-viable due to 24h limit browsers put on service workers to avoid abuse (e.g. ransomware style attacks after hijacking victim's domain name).
Has this limitation been lifted yet?https://0xacab.org/rysiek/samizdat/-/issues/51ServiceWorker not kicking in on force-reload2020-09-08T11:30:45ZMichał "rysiek" WoźniakServiceWorker not kicking in on force-reloadRelevant:
- https://stackoverflow.com/questions/37559415/how-to-make-serviceworker-survive-cache-reset-shiftf5
- https://developers.google.com/web/fundamentals/primers/service-workers/lifecycle#shift-reload
Might require a simple FAQ ...Relevant:
- https://stackoverflow.com/questions/37559415/how-to-make-serviceworker-survive-cache-reset-shiftf5
- https://developers.google.com/web/fundamentals/primers/service-workers/lifecycle#shift-reload
Might require a simple FAQ entry. Unless we want to muck around with how force-reload is handled.Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/50Samizdat-as-a-Service2020-09-07T21:08:21ZMichał "rysiek" WoźniakSamizdat-as-a-ServiceConsider offering loading content to Gun+IPFS or whatever other plugin to websites deploying Samizdat.Consider offering loading content to Gun+IPFS or whatever other plugin to websites deploying Samizdat.Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/49Enable limiting Samizdat to a particular set of locations2020-07-08T16:54:13ZMichał "rysiek" WoźniakEnable limiting Samizdat to a particular set of locationsCurrently once deployed Samizdat will handle all sub-locations of wherever is deployed.
For example, if it's deployed at `example.com/`, it will handle all locations on that domain; if it's deployed at `example.com/samizdated/`, it will...Currently once deployed Samizdat will handle all sub-locations of wherever is deployed.
For example, if it's deployed at `example.com/`, it will handle all locations on that domain; if it's deployed at `example.com/samizdated/`, it will only handle sub-locations of that (ut not, for example, `example.com/non-samizdated/`).
It would be good to be able to configure which sub-locations should be handled by Samizdat. This could be done as a configurable regex in `service-worker.js`Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/48Test and document Samizdat running in subdirectories2020-07-08T16:39:48ZMichał "rysiek" WoźniakTest and document Samizdat running in subdirectoriesHow does Samizdat react to being deployed *simultaneously* in different locations on the same website, especially when it's deployed in both a location and its sub-location?How does Samizdat react to being deployed *simultaneously* in different locations on the same website, especially when it's deployed in both a location and its sub-location?Michał "rysiek" WoźniakMichał "rysiek" Woźniakhttps://0xacab.org/rysiek/samizdat/-/issues/46Research, test, and document if/how Samizdat could be used behind NAT/firewall2020-10-05T17:50:10ZMichał "rysiek" WoźniakResearch, test, and document if/how Samizdat could be used behind NAT/firewallAn [interesting question was asked on the Fediverse](https://mastodon.sdf.org/@Shufei/104469126475735667): could Samizdat be used to host content behind NAT/firewall.
The minimal requirements are:
- a HTTPS-enabled site to kick-start S...An [interesting question was asked on the Fediverse](https://mastodon.sdf.org/@Shufei/104469126475735667): could Samizdat be used to host content behind NAT/firewall.
The minimal requirements are:
- a HTTPS-enabled site to kick-start Service Worker (no need to host actual content there);
- a way to push content to wherever the deployed plugins can `fetch()` it from.
With current plugins this would mean:
- hosting a skeleton site on some public hosting service (GitLab pages, etc)
- figuring out if pushing content to Gun and IPFS can happen from behind a firewall, or if running Gun and IPFS daemons behind firewall works well.
Hypothetically this would be easier with a plugin using anything that does not require a publicly accessible daemon, like pushing content to WebArchive and fetching from there.