We are looking for security experts to double check/triple check/audit our protocol designs.
So if you know your crypto and you are intimately familiar with Alice and Bob, please lend us a hand and take a look at the protocols. Our discussion forum has a special section for security and protocols where you can post your comments.
From the diagram, it seems they intend to put something resembling a microkernel stack in the browser app, which is a rather odd architectural choice. What exactly do you gain by piecing together low-level components inside the very high-level runtime that is a web browser?
I'm posting this comment from a Chromebook. I'm imagining this could (I haven't gotten through all the marketing yet) be something very similar, which very much is an operating system.
I don't think "operating system" is a particularly technical or well-defined term. It can mean anything from "kernel" to "kernel, userspace libraries, UI, package management / update infrastructure, etc."
Its meaning is only slightly different from "platform", which basically means "any API to which you can program applications."
"Operating system" is a pretty technical and well defined term, you just might not be old enough to know it. :) An operating system is the core that is responsible for operating the underlying hardware of a computing device, upon which everything else is built. If you aren't concerning yourself with device drivers and task scheduling, you aren't building an operating system.
You have demonstrated that you subscribe to the "kernel" definition of an OS. By that definition, calling Windows or OS X an "operating system" is also an abuse, because 99% of what ships on those installation DVDs has nothing to do with device drivers or task scheduling.
Also, by your definition, Android and Slackware Linux are the same "Operating System" because they share the same kernel and drivers.
Which is exactly my point. This term is in common use and means different things to different people.
> Also, by your definition, Android and Slackware Linux are the same "Operating System" because they share the same kernel and drivers.
Well, no, they don't. Android still uses a slightly modified Linux kernel, and there is zero overlap in the drivers. Also they have fundamentally different approaches to task & memory management at the kernel level.
Pedantry aside, it's clear that Avatar is not an OS, not even with the most generous and broad definition. At least not with what little they've said so far. Because what they have so far in their diagrams and minimal technical info is yet another JavaScript framework paired with yet another set of web services around user authentication.
Nope. You can boot Android using a mainline kernel, but there's a lot of stuff that's missing/broken. Like power management.
The Android Mainlining project continues to trudge onward; it's not complete. There's a decent chunk of stuff sitting in staging as well that hasn't been accepted by mainline, but still more that hasn't even gotten to staging. There's also a few things where mainline rejected Google's version and provided an alternative, but Android was never changed to use the new thing (Alarms/Timers fall into this case).
What? This thread started when someone thought that people need to stop using this term "incorrectly." I just pointed out that we should take it easy because the term is kind of overloaded in common usage.
I can see an argument that a system like this could be an "operating system" for a high level p2p system. Large swaths of what they are doing are undisclosed, but the object and user management system would make a decent theoretical operating system for decentralized p2p applications.
This looks to be very similar to Freenet[1] - basically a specialized, distributed network that runs on top of the internet but has its own server/client infrastructure.
Does Avatar serve pages over plain HTTP(S) like Freenet, or is there some other magic here?
I think this would be a much more interesting project if it was to put a great interface on top of the Freenet protocol. Encryption and anonymization on P2P is very hard, and building on Freenet as a basis for the plumbing would speed the time to a deliverable and build on existing technologies rather than reinvent the wheel.
Do I understand correctly that browsers obtain source code through bridge (local HTTP server?) from Avatar network or is it downloaded traditionally?
EDIT (from here to end):
To clarify: my question is to assess security of the 'runtime'. If it's downloaded from the server, what is there to stop a malicious party from compromising the server and sending modified verification code?
Were it downloaded through the bridge, then (and only then) could verification with the block chain be done on received updates (provided the first d/l wasn't compromised). The user's browser would then access files exposed by the bridge.
At least this is how I imagine it but the OP overview is light on details.
It's interesting that they're using secp256k1 (as Bitcoin does) for performance reasons (regarding Bitcoin, Satoshi mentioned in early messages that he did choose EC because it would help keep the size of the blockchain not too big). I wonder if Bitcoin's use of EC is "giving a boost" to EC...
Anyway... TFA states this:
"We are aware of theoretical weaknesses in secp256k1"
What are the theoretical weaknesses in EC secp256k1?
I like the initiative to tackle against what the NSA is doing, but I'm seeing many projects that just seem to overdo it.
You will have better results by going out and educating people about how technology works than by inventing an internet-obscurity-security sort of thing.
On top of it, if the NSA can detect who encrypts their traffic the most, who uses what OS, what browser, whether that person has used PGP, etc., it just needs to monitor this person a little bit more.
I don't want to sound cynical, but I wish I could see programmers work on solving real problems, like economical ones: you'll be surprised how miscommunication and lack of information spreading can worsen situations.
Many people seem to criticize Facebook; why am I not seeing anyone reinventing the social network? I'm not talking about a website like Diaspora or Google+, but anything which is designed for making the economy work better. Like a Craigslist for the masses, but more efficient and relevant.
>"We believe it's not your job to keep track of what social networks your contacts use. With Avatar you simply just write a message and the system takes care of delivering the message to your friend. You can use your Avatar to communicate "cross-border" with other social networks like Facebook or Twitter."
I saw someone mention this yesterday on HN for another service, but I'll say it here. This seems like a huge WTF, as people separate services for a reason. If I want to talk to someone on Facebook, I might not want to via email, or I might use a different email address than the default. See: Google recently outing a trans person who used different services for different identities.
Can you link to your source code? Have you given any thought to using the GNU Naming System to smooth over some of the usability problems with public keys? Are you familiar with unhosted.org, and their use of Oasis.js to partially solve the problem of running untrusted js in the browser?
We haven't released any source code yet because we first want to make sure our protocol designs are correct. Unhosted is a familiar project and we are currently evaluating multiple options to run insecure code.
Going on a slight tangent off of jude-'s question, will there be any social or economic incentive for making one's bridge persistent, or capable of holding more data? Or will this rely on volunteer participation, like tor/freenet/etc?
At first it's volunteer but we do realize that incentives are needed and we're working on different models. The long-term goal, which depends on WebRTC maturity, is to have no need for Bridges, because that code would be in the browser OS.
I worry about storage performance. Why use a DHT? Could you get away with using cloud storage to host the signed and encrypted data? Also, are you worried about Sybil attacks on the DHT?
Based on my read through, I think the files themselves live in the bridges and the DHT is how they are found. So you could set up an Avatar bridge in the cloud and use that as your bridge (or put the bridge on your local device and tell _it_ to store/retrieve everything from a network folder).
So, performance will depend on where these bridges live, and how generously provisioned they are. Using the DHT for routing doesn't address this problem, though--requests for hot content will be routed to the same node, regardless of how well-positioned it is to serve requests. Also, what happens to the content when that node goes offline? I skimmed the R5N DHT whitepaper, and while it replicates keys, it's not clear that the bridges replicate chunks.
Do the authors have a plan to address data loss? Do they have a plan for caching/replicating data to alleviate hot spots? Will their replication strategies on read/write objects include a well-defined consistency model?
Their current line is that, with increased WebRTC adoption, bridges will somehow become unnecessary? I'm not convinced, and agree with you that there may be some problems here that will lead to poor performance (which is critical).
According to someone (a developer?) further down this thread, they realize that incentives will be needed for things like this. It sounds sort of like the same problem that the bitcloud people are trying to solve, but to my knowledge nobody has any solid solutions.
Why pay more for a blind CDN when 99.9% of your customers use infrastructure that only requires you to use unsecured ones? That shouldn't be a rhetorical question--this is an important issue that needs to be addressed if we want to make the Internet a better, freer, and more secure place to communicate. We'll see if these guys come forward with something that sounds like it can work, I guess.
Avatar is very complex and we were aware that many questions like these would come up. That's why we built a forum just for this purpose, where we can go through all these issues in detail. https://discussions.avatar.ai
This wouldn't be labeled 'sneak peek' if we weren't seeking security audits and architecture reviews before publishing it officially.
So if you know your crypto and you are intimately familiar with Alice and Bob, please lend us a hand and take a look at the protocols. Our discussion forum has a special section for security and protocols where you can post your comments.
Thank you!