I'll put together a design doc when I get back to VMS again. I'm going to let it sit a bit while I ship the next version of beaker.
@andrestaltz That's an interesting idea though 1) analytics has a lot of writes and this adds overhead to those writes, and 2) we can't audit against where data is sent
@dominic Yeah it's a straightforward use of a crypto log. https://github.com/pfrazee/libvms/blob/master/lib/vm.js#L120 Basically we just log all the calls in a dat hypercore (log). Then that log gets replicated out to an auditor and should be hard to lie about as a result. The other magic is replaying the log in a local VM to make sure the script code is actually being run.
Another element, not yet implemented-- I want to have the RPC calls be signed by an EC keypair, and then use the pubkey as the ID. Need a crypto guru to help me get that right, though. Something something replay attacks.
Needs a padlock with green tick logo ;) or what about a weird variant like a lock that is also a smily, or lock wearing sunglasses?
I like it. The user DB idea is pretty interesting too.
I put together a site for nodevms: https://nodevms.com/
NodeVMS is a server which provides external auditability of its state and behaviors using secure ledgers.
# Run auditable services $ nodevms exec ./backend-script.js # Run commands on a remote service $ nodevms repl localhost:5555 # Audit the state and history of a service $ nodevms verify localhost:5555
VMS uses Dat’s secure ledger and files distribution to publish transactions and service state in a public, unforgeable format. Clients can then download, replay, audit, and compare the state of the service to ensure the declared code is being executed correctly.
Check out keyserver.js. It's just 100 lines!
New project: https://github.com/beakerbrowser/injestdb
Accompanying tweet storm: https://twitter.com/pfrazee/status/892442105964113921
Is a database abstraction on top of dat, for beaker apps. Similar raison d'etre as flumedb, but a more rigid execution
The bot could be some non-human ssb account (pub maybe) that publishes messages based on some rules, in reaction (or not) to other ssb messages. The bot's state is a big array reduce of its log.
@andrestaltz that's fairly accurate. I'd like to have live endpoints so that I can get transactional acks.
For use cases like an airbnb, it's still kind of centralized (around the airbnb-bot owner), with the added benefit that anyone can copy (fork) the entire log of that bot and continue from there onwards.
The two centralizers would be the contract owner and the host VM. To deal with the former, you could "disown" a contract by reducing your permissions as the owner. I'm not sure whether the latter has much impact other than who is responsible for contract uptime.
I find it hard to see how would this be different or better than just deducing state client-side ... how is that better than Alice simply running reduce on all state transitions that she and Bob committed? In other words, what value is a Host providing if peers already have verifiable logs?
The value is in providing strict consensus at a live endpoint, without sacrificing auditability or user-authority (via signing keys). Strict consensus makes transactional guarantees possible, as well as broader constraints on state. For instance: with SC you can enforce a uniqueness constraint on something like a primary key.
Client-only can't provide strict consensus past a certain scale; to do it at small scale, they could use leader election. Arguably the blockchains cant scale either, thus this proposal.
There is a ton we can do without strict consensus (obviously!) so with this I'm just exploring, you know, could we get all the toys we want?
Wrote up an idea this morning for running smart contracts on node, using verifiable logs (Dat or SSB would work) instead of blockchains with PoW. https://gist.github.com/pfrazee/bf13db9dea21936af320c512811c2a2b
My profile still works!
To address the devaluation of labor by globalization and robotics, we need a strong downward pressure on cost-of-living (housing, food, higher education, and medicine).
I'd be interested to know how inefficient the housing market is; if you provided perfect supply and reduced the costs of housing down to maintenance, labor, and materials, what would rent / ownership cost?
beaker can now load dat sites with dns entries. Do a dig on the url's txt record to see what's up:
ok when would yall like to meet? I can generally do the same time, different day, on any day
Shiiiit guys, I joined a city sports league that plays on monday nights. I flaked on having us reschedule these calls.
Terrible timing, bc there's lots to share. If I get back during the call today, I'll join. Otherwise, maybe we can do a second call in the week?
The wormhole tool uses PAKE "Password-Authenticated Key Exchange", a family of cryptographic algorithms that uses a short low-entropy password to establish a strong high-entropy shared key.
His slides link, at the top, gives a fast explanation. If this is right, would be great for pairing devices on LANs, or sharing links on conf slides. (Any time you need to dictate a key visually/orally.)