General

Glasgow University Students To Use The SAFE Network

Since its inception in 1451, Glasgow University has built a worldwide reputation as a centre for innovations which have had a profound effect on the world. Its famous alumni have included John Logie Baird, Lord Kelvin and Adam Smith, whose global impact has left a lasting impression on the world we live in today. Continuing the trend, Glasgow University Computing Science Students will be exposed to the latest in decentralised networking technology as MaidSafe’s SAFE (Secure Access For Everyone) Network puts them at the forefront of research and development into next generation Internet applications.

Students within the computer science department, under the guidance of Dr Inah Omoronyia, Lecturer in Software Engineering and Information Security, will work with the MaidSafe team, led by Scottish Engineer David Irvine. They will provide students guidance in building apps on top of the company’s platform, a secure and decentralised data and communications network that replaces the world’s data centres and servers with the spare computing capacity of the networks users. This comes at a time of great debate about the future of the Internet with leading academics, including the founder of the worldwide web Sir Tim Berners-Lee, seeking to improve the security and privacy offered to users.

The SAFE Network provides a zero cost infrastructure for students and the current APIs enable the creation of storage and email applications. This functionality is laid out to developers in tutorials created by the company, and this will be expanded over the next few months as MaidSafe release tutorials every 2 weeks, providing increasingly more complex functionality to application developers.

MaidSafe CEO, David Irvine, commented on the partnership; “We are delighted to be working with a university with such a rich heritage and we very much look forward to using the applications created by their students. Where better to push the envelope of evolutionary thinking than the country that Voltaire opined “We look to Scotland for all our ideas of civilisation”. Glasgow University has an excellent opportunity to be at the forefront of research and development in the field of Internet technologies, alongside the likes of MIT, which will further enhance its reputation – and that of Scotland – as a source of cutting edge innovation.”

Glasgow University has one of the leading computing science departments in the UK and is ranked amongst the top 100 in the world. Lecturer in Software Engineering and Information Security, Dr Inah Omoronyia confirmed “It’s a great opportunity for our students at Glasgow University to get hands-on experience with building apps for the SAFE network. Security and privacy functions is now core to modern day software systems; our students are really excited to learn new ways of building such systems using cutting-edge technology.”

MaidSafe Announces Equity Funding Round on BnktotheFuture

We wanted to share some next steps for MaidSafe and the future of the SAFE Network. On September 12th we will be launching an equity fund-raising round with BnkToTheFuture, a leading global online investment platform for qualifying investors. MaidSafe is looking to raise between £1.75m and £2m during the 30 day campaign.

Next steps

This is an important step for the company and the future of the platform coming on the back of the recent release of the SAFE alpha. We are delighted with the positive feedback we have had to date and the strong support of our community has been hugely important to us. We see this funding round as critical as we move to the next stage of development so we wanted to explain why we think this is the best way forward.

As you know launching the alpha is only one of many steps on our journey. There is a lot of work to do to build out functionality and create a robust platform that will attract users and application developers. That means we need to continue to recruit the best developer talent from around the world and build out a developer programme to support the growing interest in building on the SAFE Network. We will also be looking to develop our own applications, because we do see commercial potential for us as well as for the broader community.

Why BnkToTheFuture?

We have chosen BnktotheFuture for a number of reasons. They have a large online community of qualified investors, interested in the decentralised technology sector. There is a strong relationship with the crypto-communities, which is important to us, and investors will be able to invest in both traditional currency, bitcoin and even some of the more liquid altcoins like Ether. Above all it also means we will remain in control of our strategy and roadmap, which is really important to us as we want the SAFE Network to be available for everyone to use and develop on. This is why the core code-base is open-sourced, to encourage the establishment of a strong community around the technology. Furthermore, we have transferred the core intellectual property (IP) to a Scottish charity (The MaidSafe Foundation) to help ensure that MaidSafe is not seen to benefit unfairly from ownership of the network (although we hold a license in perpetuity to allow us to utilise and license the technology to partner companies).

We appreciate all your support so far and hope you will see this news as further evidence that the SAFE Network is on the fast track to becoming a viable alternative to today’s insecure, unreliable worldwide web. With this investment round we are seeking to accelerate progress further by adding functionality and working towards the beta version and beyond. I hope you will continue to contribute to this exciting journey, because we believe a secure, decentralised approach to the internet will present huge opportunities for users and developers alike.

SAFE Network Alpha Release

After 5 months of testing and 8 test nets it is our pleasure to announce the immediate availability of the alpha release of the SAFE Network. This represents another significant milestone on the way to creating a new, decentralised Internet.

Launcher and demo app

The release is available Windows, Mac and Linux, and comes with 2 components, the Launcher and the Demo App, each with their own installer. You can download both from the alpha page of our website.

The Launcher enables users to create their own account and access the network without providing their credentials (comprised of an account secret and account password) or giving third party applications access to them. This secure gateway enables users to stay in control of their details.

The Demo App must be run alongside Launcher and enables users to create their own SAFE webpage and public ID, store and retrieve private data and share public content. Users can also upload and host existing websites on the SAFE Network without charge.

This alpha release is focused on use of the client software. In a couple of weeks we will provide Vault installers to enable users to contribute their own computing resources. Running 2 parallel networks will enable us to provide a more stable network for end users and app developers, while also enabling ongoing development of the vault, which has a much more active code base at present. Once we are happy with performance, we will revert back to having one network.

As with any alpha software caveats apply to this release and users should be aware that data on the network will be wiped from time to time and there is a possibility that your data will be lost.

Not just for end users

The demo app is the first of several apps currently under development and with an updated release of SAFE Launcher APIs we anticipate that this list will increase in the coming weeks and months. We encourage any developers thinking about creating an app on the network to get in touch and we will help in anyway we can. In this vein a new developer focused SAFE Network forum will be launched next week, more details to follow…

Onward and upward

This is the first of several alpha releases that MaidSafe will make. Future versions will improve performance and increase stability, combine the Client and Vault networks, as well as adding features such as; contact management, messaging, test safecoin and safecoin wallets. More information on our rollout strategy is available here.

This is an incredibly exciting time for MaidSafe and the SAFE Network community. There is a growing movement to return to the original principles of the open web and decentralise the Internet. We believe our technology can contribute to this initiative and that is why we standby our vision to open source the technology so that all users and developers can benefit from it. We believe this is essential to fulfil our commitment to develop a decentralised network that gives users back control and offers far greater protections than today’s Worldwide Web.

Of course, we could not have got this far without the support of all our shareholders and community members. Thanks for all your help, we hope you enjoy the alpha and we look forward to hearing all your feedback! With your input we will iterate the network as quickly as possible to improve it and bring new innovations.

1.1 Billion Reasons Companies Should Encrypt Our Data

As the media pick through the details of the latest large, embarrassing and costly data theft, the current victim, TalkTalk, a UK public telecommunications company, are set for a difficult few months. With revenue of almost £1.8 billion, the company have had an as yet unknown number of their 4 million UK customer details stolen by a perpetrator that ranges anywhere from a 15 year old boy to Islamist militants, if recent reports are to be believed.   

While the post mortem that follows will likely establish the details, the company has already admitted that some of the stolen information was not encrypted. While this was clearly lax for a company that that has been targeted by hackers 3 times in the last year, it seems that under the UK’s Data Protection Act theyare not legally required to encrypt data. The specific wording of the act suggests that firms need only take ‘…appropriate technical and organisational measures…’.

Senior director of security at Echoworx Greg Aligiannis advised “The most concerning revelation from today’s news is the blasé approach to encrypting customer data. Security of sensitive information must be considered a priority by everyone, especially when the life histories of potentially millions of customers are at risk.”

ID-100304695TalkTalk are not alone, research by security specialists Kaspersky Labs suggest that 35% of companies worldwide don’t use encryption to protect data. Surprising given the harsh penalties for breaches. IBM estimates that the average data breach costs $3.8 million, with an average cost of between $145 and $154 per record, not to mention the untold damage to the reputation of the companies affected. When we consider that there were an estimated 1.1 billion records exposed during 2014, we can start to realise the extent of the problem.

With such significant repercussions for being hacked, one must question why encryption technology is not used more widely.

In almost all cases cost will be a factor. Encryption is not cheap. Procedures need to be implemented and maintained by specialist skilled staff and then rolled out through often very large organisations. Asset management, access controls, security incident management, compliance…etc…will all drive the cost, as will new hardware, such as encryption servers. Complexity is another issue that raises many questions: how will the encryption keys be managed? do we let our employees bring and use their own devices into the work place? is the chosen encryption solution compatible with other systems? and what about mobile device management? 

With the number of breaches rising every year and no legal obligation for companies to encrypt our data it would seem that we as individuals need better solutions. For storing data on cloud providers, for example, client-side encryption has existed for sometime that enables users to encrypt their data before it leaves their computer, meaning that companies like Dropbox or Google can’t read your data, although they can delete it. Similarly, the self-encryption component within the SAFE Network also encrypts all network data prior to it leaving the users machine and does so automatically as they upload a file.  Providing encryption that is easy to use and user friendly is surely the key to its wider use. 

However, as good as tools like this are for the storage of our files, we are unfortunately still reliant on companies to look after our personal information and bank account details as things stand. Legislation needs to be tightened up that pushes companies to be much more accountable and responsible with our data. It should demand that not only is our data encrypted, that sufficient policies and procedures are put in place to maximise its effectiveness, as without these, even the strongest encryption can be rendered useless. Providing a high level of data security is simply the cost of doing business, not a nice to have feature.

Events like the TalkTalk hack should also remind us how nonsensical recent Government suggestions that we should ban or attempt to weaken encryption are. It is one of the best lines of defence against adversaries and with its use in all types of commerce, underpins the global economy. 

Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net

The Ants Are Coming!

It is fair to say that MaidSafe have been fairly quiet in our communication of late, not a complete radio blackout, but certainly low key. This has been intentional on our part. Communication can lose its meaning and impact if you shout about every little thing. We like to keep our powder dry, as they say.

But, now we have something meaningful to convey!

I want to bring everyone who is interested up to speed with what we have been doing during 2015, specifically the past three months, which have been some of the most transformational in MaidSafe’s nine-year history. We do make weekly dev updates on the community-run forum, but these can be pretty technical, and not everyone can get a full picture that way. So I will try and condense these points into as limited an amount of technical language as I can muster.

Rather than starting in early 2015, however, we will start this post at the present day. (I’m a sucker for Quentin Tarantino films and it will hopefully make for a less laborious post!)

Early(ish) on Friday (26th June) morning, the tireless MaidSafe dev team managed to get the SAFE Network functioning from end to end. This means that a User is able to self-authenticate (create their own username and password, and access the network without the permission of a third party) using the Authentication API via the SAFE Client. During the process, the network’s transport/connection layer (Crust) connects the peer nodes, allowing Routing (the layer that verifies the identity of each node cryptographically) to establish and maintain connections to other network nodes (for more information on how all the components fit together, please visit our wiki). The clients were also able to PUT (store) and GET (retrieve) data.

This is a phenomenal and long-sought achievement for everyone at MaidSafe, and is truly a major milestone ticked off. Yes, we have had an operational network before, but never one so stable, efficient or lacking in complexity. This lack of complexity is a very good thing and something of a personal mission for David. A significant reduction in the lines of code (from hundreds of thousands to a few tens of thousands!) not only enables new network features to be added much more quickly, it also makes it easier for bugs to be spotted and for other projects to utilise our code, much in the same way that we have employed the code of others. Open source collaboration is truly a wonderful thing to be a part of!

This new chapter in our development progress all started back in early February when David, again desperate to reduce complexity, spotted a pattern in the code, a repeatable and describable pattern that kickstarted the simplification of the decision-making logic within the Vaults (the series of processes that help look after all data on the network) and also improved network security. You can read David’s detailed blog post about it here.

Soon after, heavily frustrated by the speed at which we were developing in C++, we started looking into ways to speed up development without a reduction in code quality, surely the holy grail of software development. After much research, David became increasingly convinced that a new systems-level language, Rust, had something to offer. In his spare time (between about 2 a.m. and 5 a.m.) he started transposing one of our most complex libraries, Self-Encryption (the component that seamlessly splits data into smaller chunks and encrypts them), over to Rust, which at that time wasn’t even in Beta yet. This was very successful and fast! David followed a similar process with MaidSafe’s Routing library. With another successful test complete our development team was split for a few weeks while the core team remained in C++ and another team started transposing the rest of the code.

This was a risky and scary time. To split the dev team at a period when we were under significant pressure to produce a stable network seemed counterintuitive. But thankfully, going backwards to move forward paid off, and without this change there is no doubt in our minds that we would not be where we are today. It is not the intention to go into detail here about how and whether Rust is better than C++. For debates on that subject you can check out some of the threads on the forum and elsewhere. I think that is a debate as contentious as GPL vs MIT, or even Borg vs MacEnroe, fun to debate but don’t expect consensus any time soon. All I can say is that it’s working for us and allows us to iterate quickly, be more defined with our tasks and be more definitive with our timescales.

During this time we also realised that we needed to be more third-party-developer focussed. And that doesn’t mean being more open with our development process; we’re pretty open already. Rather, it means organising our libraries in such as way that they can be picked up and used by any third-party developer without being heavily coupled to other libraries. In addition to whatever assistance this gives to other projects in the open-source community, this helps Project SAFE in two specific ways: first, allowing external use of these discrete libraries helps validate their functionality in a variety of different projects; and, second, it allows us to demonstrate, at a library level, that each component of the network carries out its desired function.

So, beginning in late April we started to release each of the component libraries as console apps, essentially providing the libraries functionality with a text-only interface (such as terminal in mac and linux, or the command line on Windows) rather than a Graphical User Interface. The first console app was Self-Encryption, and since that time we have also released Crust and Routing. All MaidSafe libraries are published on crates.io, where a stable release of each library can be used by other projects, and dependencies known (dependencies are the other programs that the library relies on to run). This process is not only useful for third-party developers, it also gets the MaidSafe team into a habit of delivering working code regularly and in a routine way.

We have found that this more modular and more approachable way of working has led to many more developers committing code to the repositories, and it is valuable code. Such is the desire for this network, and also the desire of people to try Rust. We will accommodate these desires and pay anyone who contributes to our code sprints, starting from this upcoming sprint (we will update everyone on the bounty scheme next week on this blog). We anticipate this will give us better code faster and with a more engaged and willing community, the impact of this cannot be underestimated. This is an area we will work hard on, to ensure the community is well-rewarded and recognised for contributions, as we feel they should be.

So, now that we have a running and more stable network than we have ever had before, what next? What does the future hold? Well, we can look to our roadmap for the answers. In the very near future (in the next couple of weeks), we will be releasing installers to enable users to download and run a SAFE Network locally on their individual computers. Beyond that our next development sprint will start week commencing July 6th (probably lasting for around three weeks) and though we are still mapping out specific objectives, this sprint is likely to consist of some or all of the following:

  • Further implementation of safecoin (some work here has already started)
  • Implementation of messaging infrastructure
  • Remove Transaction Managers (reduce complexity, code and increase security on the network)
  • Implement App Launcher infrastructure (enables secure login to third-party apps without the App Developer getting visibility of a User’s credentials)
  • Implement cross-platform/cross-network/multi-protocol network connections (everyone can run farming Vaults at home or in any network)
  • Implement POSIX disk interface (any app can treat the network as a local hard disk)
  • Implement public names and shares ( SAFE version of www, email, DNS and more)

From there we should quickly (hopefully within 2 sprints) see the delivery of Dev Bundle 2. This iteration will provide a network where Farmers can start to contribute resource and have this measured, where developers will be able to access and utilise stable APIs and start to build applications that everyone can use. These apps might be simple at first, such as encrypted messaging and data storage apps, but in a short space of time will have the potential to develop into anything that can be done on the existing web and beyond. We will possibly split out Dev Bundle 2 on the roadmap so that some of what is currently listed will become Dev Bundle 3. This way the deliverable of each feature focussed sprint will be an updated bundle.

So, this recent development milestone is hugely significant and we are very close to delivering the SAFE Network, something that the world would seem to need even more than it did when David started this journey nine years ago. We will continue to keep you all updated via the forum and this blog.

Thanks all, for your continued participation and support.

Net Neutrality and the SAFE Network

Per Wikipedia, “Network Neutrality” is the principle that all Internet traffic should be treated equally. Essentially, the concept calls for a level playing field for all users, whether they be individuals or providers of high-bandwidth services like Netflix, HBO, etc., or whoever.

From an egalitarian perspective, the answer as to whether net neutrality is a good idea or not is easy: of course, it is good.

From the perspectives of companies which wish to provide high-bandwidth services, as well as the customers who are willing to pay extra to receive those services in the best possible quality, the answer is not so clear. Why, for instance, can’t such services as Netflix, and thus the customers who use them, pay more so that high-access-streaming channels can be built up, taking traffic off of the other lines, thus being better for everyone? Whether this is a legitimate characterization of the argument or whether that’s how it would work out in the real world, one can see that the subject is a little more complicated than the simple idea of equal treatment. And it’s a lot more complex than that, even on a technical level.

Throw in the power (and corruptibility) of government agents, the obligation of service providers to make a profit for their shareholders and thus purchase government agents to gain advantage, the carelessness of the general population to pay attention and judge a complex issue, and all the other factors in the mix, and we’re left with a frustrating mess that seems to have no solution. I, myself, can and have argued the matter from both sides with equal passion.

But what if we take a few steps back and look at the assumptions which might be making all this truly unresolvable based on the current debate? Let’s try.

Let’s start by going all the way back, to consider what the nature of a truly neutral medium would have to be.

Put in somewhat simpler terms, let’s look at net neutrality as the effort to arrive at a truly neutral medium, in which no one is discriminated against BY THE MEDIUM ITSELF based on the quality or quantity of the communication they wish to engage in.

To get an idea of what I mean by this, let’s draw a comparison to another vital medium through which much communication travels, with which we all have vast experience, and which is a truly neutral medium: air.

You and I can stand across from each other and say whatever we like, be it loving or vile, and the air does not care. The air dutifully does it’s job of passing the sounds along from place to place. I can shout to a vast audience, or equally from a lonely mountaintop in a vain (or not) attempt to be heard by the gods: it’s all the same to the air. I can throw flowers or paper airplanes or bullets and the air can have no moral judgement as to which should pass and which should be stopped. There are only the physical dynamics of the different objects, velocities, temperatures, etc., which determine the flight of each. The air does not have the ability to say, “The flowers are good, so they should have easy passage, but the bullets will only be passed on slowly and reluctantly, if at all.”

Now, if you insult me deeply using the air as a medium, I may decide to retaliate with a blow to discourage you from doing so again. The air will discriminate towards my response only based upon whether my hand is open or closed, the slap coming slightly more slowly because of the difference in air resistance. If you insult me from cover, disguising your voice, I’ll have a harder time discouraging you, but the air doesn’t know or care.

The air does not discriminate as to who breaths it. Saints and sinners, people of peace and war, good intentions and bad, all breath it with equal ease, depending upon their capacity.

Perhaps you get my point by now. In our current society what we commonly refer to as “the Media” is not such a neutral scene. It is common knowledge that news organizations have had a stranglehold on the dissemination of “news” and have used it for decades, in conjunction with government and corporate interests, to color the view of the world for populations at large—i.e., propaganda. This is basically because the means of communication have been very centralized and subject to control. Radio waves are neutral media, but access to them by the general population has been limited by both technology and (more profoundly) centralized political and economic force.

The Internet, as it has come into use, has served as a much more neutral medium. Currently, legacy news and propaganda channels are dying the slow death, as upstart bloggers and videographers apply “death of a million cuts,” exposing their biases and agendas, and delivering information that users find more relevant to themselves and more truthful. Politicians and others in positions of power are losing ground as the power has shifted toward individuals, who can more easily determine when they are being lied to.

But the current structure of the Internet, while better in many ways than anything which has existed before, does not make for a truly neutral medium. Actually, while it makes the shift toward individual freedom of expression much more accessible, it also exposes the individual to liabilities which have never been faced before in all of human history. Exercise of the apparent freedoms comes at the expense of privacy and security of the individual, which ultimately undermines the very freedoms which are apparently being gained. Predictive technologies based upon all the data gathered on individuals and groups make the possibilities of social manipulation and control ever more possible by fewer and fewer individuals.

One doesn’t have to look further than the vast revelations which have been made in the last two years by way of Edward Snowden’s disclosures (whether you gauge them heroic or sinister) to appreciate the velvet glove and iron fist with which the surveillance corporation/state is enclosing the broad population.

There is an apparency of great freedom. But at what cost and how true is that freedom?

(I’m reminded of the great cultural revolution in China, in which Mao said “Let a thousand flowers bloom.” Dissidence and counter-revolution were, for a time, encouraged. Then, once the the trouble spots were identified, millions lost their lives. I’m not suggesting that this is necessarily the course of western civilization, but there is a very large history lesson here to be considered.)

So, let’s look back now on the concept of net neutrality. Is net neutrality even remotely possible with the current structure of the Internet? Are we dealing with any sort of neutral medium? I’d have to say no. Therefore, all the social uproar and political action to get agencies and companies to play nice is of little if any use.

Bitcoin and a number of other decentralizing technologies show some hope, but I’d have to say that they are well behind the curve and are likely to be of only marginal utility in securing greater actual freedom for individuals.

Enter the SAFE Network.

Now, I could easily, and justly, be accused of being fanciful on this score, since the SAFE Network is yet to go live and prove itself. But I can’t help myself. The promise is too great and the vision too clear to let these things sit. The more people who see the vision and help bring it to fruition, the better. Even if we fail.

So, before we examine the SAFE Network, let’s look back at the concept of a neutral medium and examine what the elements of a neutral data storage and communication network would have to be.

1. Secure by default. Anyone who accessed it would be able to do so without compromising their financial or data security. This means that individuals would also have complete personal responsibility for their personal and financial data. Sharing it would be an explicit choice.

2. Privacy by default. Anyone accessing the network would be able to have confidence that whatever they did on the network would be completely private, by default. Any choice to share any private data, even their identity, would be an explicit choice. The exposure of private data shared with another person or group would be limited to the worthiness of the trust placed in those receiving that data. Ideally, there would be capabilities of proving valid identifiers cryptographically without having to share actual identity details, unless necessary or desired.

3. Broad access. It could be freely accessed by individuals with very little technical barrier, and no one could deny use of the network if the individual could pass those technical barriers (i.e., a computing device and internet access).

4. Morally neutral. The network could not be subject to central control as to who uses it or the content of the communications, or data stored or retrieved. (Parallel to the air analogy.) The network would handle all of its standard functions of passing and storing data particles with no means of distinguishing amongst them, except to know what to do with them. This would require that the network be composed of nodes provided by users on the assumption that to have the sort of network desired, it is necessary to supply resources to the network to accomplish its purpose, rather than trying to control it.

5. Resistant to compromise. If compromised, no node in the network would be able to adversely affect the operation of the network at large. If it were compromised, it could reveal no useful information about the network itself or its users.

6. Scalable. Heavy demand for particular services or items would not require the building of separate centralized infrastructure, or use of methods which could discriminate for or against certain traffic. In other words, for a website or video or service which is in high demand, the network would simply deliver it up faster, the more demand there was, and then return to more usual handling when demand slacked.

I’m sure there are other attributes which could fit in this picture of a factually neutral Internet structure, but that’s probably enough to make the point.

These characteristics, and many more, actually ARE characteristics of the SAFE Network as it has been designed and proven-out over the last nine years by the folks at Maidsafe.

Will it work as the design and tests so far promise it will?

Will it fulfill the promise perceived by supporters like me?

Will it, in fact, be a truly neutral medium, where “net neutrality” can actually exist?

We will soon see.

This article was reposted with the permission of author John Ferguson. The original can be found on his site The Crossroad of Project SAFE.

Fraudulent MaidSafeCoins

It has come to our attention that fraudulent MaidSafeCoins are currently being traded online. This is clearly unfortunate and is not a problem specific to just MaidSafe, we have heard of other organisations that have experienced similar issues. Despite being designed for legitimate use, some platforms, such as Counterparty, enable users to create fraudulent assets, or coins. As many of these networks are decentralised, and to some extent anonymous, it is not possible for the fraudulent issuance of coins to be banned or stopped.

As the following article points out, there are ways to determine if coins are counterfeit. Our recommendation is that that users looking to acquire MaidSafeCoins do so only via recognised exchanges, such as masterxchange or Poloniex.

This will be a temporary issue as once the SAFE network goes into beta, MaidSafeCoins will be traded on a 1:1 basis for safecoins. Within SAFE, only the network is able to generate new coins.