Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Preventing modified GDS #26

Open
sternenseemann opened this issue Oct 30, 2013 · 7 comments
Open

Preventing modified GDS #26

sternenseemann opened this issue Oct 30, 2013 · 7 comments

Comments

@sternenseemann
Copy link
Contributor

It could be a huge Problem if GDS-Instances get modified to harm the whole GDS-Network.
We need a good way

  • to check if a GDS Instance is modified
  • or to announce when there's a GDS Instance which does bad things (can also be missused)
  • or to prevent that modified GDS Instances can harm the network
@lukasbestle
Copy link
Member

You can't prevent this.
It will be most likely open source - so people will always find a way to modify a GDS instance but they will also be able to modify the "instance is modified" service. This means that you can't know for sure if a GDS instance was modified.

In which ways could a modified GDS instance harm the network?

@sternenseemann
Copy link
Contributor Author

Mentoring Servers for Example, as you already wrote

@lukasbestle
Copy link
Member

Mentoring Servers are servers you personally trust.
I guess you can't always prevent that stuff to happen, but these will automatically sort out in a big community of good servers.

@sternenseemann
Copy link
Contributor Author

Another Strategy is that we'll solve this Problem when it's there. I think that this Problem will appear...

@lukasbestle
Copy link
Member

It will happen - but the question is if it has to be prevented.
Maybe it will solve itself, we don't know yet. So I agree with you: We will need to wait. :)

@augustl
Copy link
Contributor

augustl commented Oct 30, 2013

I hope that GDS ends up being a whole lot of protocols, and a "reference" implementation to go with it. I think it's important that other programmers should be able to write their own implementation of GDS if they want to. For example, let's say Google wants to provide GDS as part of a Google account. Or your ISP, as part of your subscription. I think it would be great if this was possible.

If that's the route GDS takes, modified GDS is a feature, not a problem :)

@waaaaargh
Copy link

With decentrality come issues with trust. Developers of competetive online games know this issue too well - You can't trust anything that comes in over the network.

One notable exception are 'trusted friends' that a instance owner trusts with defending their instances against malware and not expoiting that trust.

From a security standpoint we should be very careful to not expose potentially harmful RPC interfaces to untrusted instances, one example of which is a proposed solution to the "instance discovery" problem that proposed to "ping" a GDS instance and notify other known instances. How could a potential attacker exploit this: "Wow, there's a GDS instance over there at example.com, you should totally check that out!" protocol messages to let's say a million GDC instances could be enough to crash a small instance on a cheap VPS.

tl;dr: security should always be kept in mind when developing decentral applications.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants