Posts
1
Comments
563
Joined
9 mo. ago

  • That particular aspect literally is just personal cloud storage, it's not distributed.

    put it this way: you can spend money for a beefy seed box or on a NAS you need to manage, or use a significantly smaller system and seed significantly more data, making it easier to maintain your ratio, increasing the availability of data within the tracker, etc. And spend less money. That's all I'm willing to say publicly at this time.

    People who are eligible and interested (which you aren't atm) will be informed of the other details which are far more interesting than these basic aspects.

  • Primarily because I didn't want to spell it out in a public comm. But here we are.

    here is an example case for the people here, obviously the total uplink is a consideration but this is just a demonstration:

    with the storage offloading: 3TB costs €4.5 / month + €3 subscription = €7.5. Cost difference between those servers: €10.8. using the smaller box + what I'm building it'll cost €10.50/month and you'll be able to seed 8TB instead of 6TB. And those economics only improve the bigger the box you're currently using gets.

    On top of all that, if we can get enough people on board I can do some really cool things around partial seeding of content, further reducing overall costs for everyone and improving the network.

    All the while the archive layer will have no idea what data you've uploaded, and you can also upload just misc stuff you want backed up but not shared for far cheaper than the current cloud drive products out there.

  • You're overthinking it. One, it'd be fairly obvious if that was happening. Second, it'd take a fair amount of capital to do it. And finally, anarchists tend to fuck shit up when that behavior is seen in our spaces.

  • there is a nice CI/CD system that works locally and at-cost hosted runners for personal plans. it's very early stage, but i've been using it for my personal projects.

    it runs on a virtualization stack, and it can do things like github code spaces + ci/cd + model training. has built-in code coverage/custom metrics.

    the code spaces bit doesn't work perfectly yet sadly (upstream issues) and mac support needs some improvements.

  • we all know what you meant. you're just incorrect, you're conflating multiple different types of attacks and asserting the one that is easiest to resolve is an equivalent problem. shrug

    1. if the developer of the application is writing malware, it's malware, end of story. it's usually discovered rapidly and people avoid it.
    2. supply chain attacks are harder to achieve (i.e. uploading a tainted binary to a software repository)
    3. curling a shell script is pretty much the easiest target. you have a bunch of randomly set up servers serving a program that is literally intended to install software on systems. You now have a large surface area ranging from typo attacks to dns poisoning etc.

    many devs i've encountered in the wild (FANG/startups/randomly) can barely sort a list without causing problems. so now we have people hosting multiple servers they probably didn't configure correctly. meaning instead of a few centralized repositories we need to secure, we now have to trust these individual people have enough technical know-how to safely host such a setup.

    that's the problem with these setups. it's not the developer being a bad actor we're worried about, it's the systems they've set up to serve these scripts. with checksums and side channels it's easy to validate the resulting binary, which can effectively nip any issues with a compromised repository.

    1. no one is talking about NPM libraries. we're talking about released packages.
    2. you absolutely can ensure a binary hasn't been tampered with. it's called checksumming.
    3. you're confusing MITM attacks with supply chain attacks. MITM attacks are far easier to pull off.

    Not everything is provided with a package manager

    Yes. that's precisely the problem we're pointing out to you. if you're going to provide software over the internet, provide a proper package with checksum validation. it's not hard, stop providing bash scripts.

  • How do you know the script hasn't been compromised? Is every user competent enough to evaluate it to ensure it's safe to run?

    Using package managers to handle this provides a couple things: First: most package managers have built-in mechanisms to ensure the binary is unmodified. Second: they provide a third party validating them.

  • because many people are uncomfortable with change and having women suddenly appearing more frequently than they're used to upsets them. You'll find this fear of the unknown a very common source of much stupidity.

    You're not overreacting. It is that fucked up. welcome to the insanity.