$ echo 'agdkjagka' > test
$ ipfs add test
added QmTtmsSSTH5fMQ9fn9NRXWtcZXnBBazxR8fidXcE5KB76h test
$ rm -R ~/.ipfs
$ ipfs cat QmTtmsSSTH5fMQ9fn9NRXWtcZXnBBazxR8fidXcE5KB76h
Error: merkledag: not found
You shouldn't read "permanent" as "eternal", but as "not temporary" --- in the same sense as "permanent address" or "permanent employment". HTTP is temporary in the sense that you're relying on a single server to actively continue serving a file for it to remain available. IPFS is permanent in the sense that, so long as the file exists somewhere in the network, it will remain available to everyone.
Edit: If you want to ensure your content remains available, you still need to host it somewhere (your own server, convincing/paying someone else to, etc). IPFS isn't so much about storage as it is about distribution.
http://filecoin.io/ is built by the same people behind IPFS and is meant to be used together with it.
Disk space is one parameter of the equation though. Bandwidth and uptime should be considered too in order to estimate the effective amount of resources a node adds to the network.
edit: surely that's been done before?
IPFS doesn't download anything to new peers, unless the new peers ask for it. That way each node owner can control what's on their node.
But say popular browsers used IPFS as a cache by default: that way, if the original publisher goes away, the content could live on as long as it stays popular.
That is my main issue with the way IPFS is being marketed, as it were.
It is not a "Permanent Web" if the only content that is permanent is popular content. Old links will still break, because old links are generally less popular. Old websites will simply vanish, even ones that are otherwise maintained on the current web.
In particular, applications like this post itself, that are part backup part publishing, aren't great applications of IPFS because your images are just hosted off your home internet connection. Power outage? No data. ISP issue? No data. Hardware failure? Hope you had a real backup. Basically, why would I choose IPFS, which is in this case equivalent to self hosting, over flickr, instagram, etc?
Edit: I'd be remiss to not refer you to toomuchtodo's comment below. Were a service like the Internet Archive to take part in IPFS then it would help with some of my above concerns. However, it's not really IPFS that is making the permanence possible so much as the Internet Archive in that circumstance.
So, were we to have IPFS support directly in the browser, every time you or I take a look at the pics in a thread, for example, we'd be contributing to the effort to keep things on the IPFS network, to our nearest local trusted peers, for as long as the subject is relevant.
So, your typical net forum, whose members are dedicated to the subject, would communicate about that subject as they always have, and in so doing perpetuate the network.
Yes, the IPFS web has to be tended. But so do your servers. Your servers will die in an instant if the 10 or so people who keep them running disappear in an instant (an extreme case), or for any one of a thousand different - social - reasons. In this case, though, the technology is aligned: the load of supporting an IPFS web is distributed among people whose interest supports the subject, instead of resting on a centralized sysadmin-with-keys-of-godlike-power. This decentralization could be considered an attack on devops. With IPFS, establishing a distributed content delivery system capable of scaling with load no longer requires an admin. The user is the admin.
Personally, I'd like to have some data backed up in several places and have links that don't break. IPFS allows for that.
Flickr sells up and goes down? All the links to images break.
> However, it's not really IPFS that is making the permanence possible so much as the Internet Archive in that circumstance.
Both, surely. The major thing that IPFS also allows is backups of the IA without any single person needing to be able to host absolutely everything.
You are right though, there is a big difference between allowing permanent backups and guaranteeing them.
Not really. Today, a website needs to be maintained by the original host or it goes away. If IPFS were used, the same site would need to be hosted by the original host or any other interested party.
If absolutely nobody else is interested enough to host it, the original host can continue to do so, and the site would be in the same situation as today's sites: hosted by one node.
>In particular, applications like this post itself, that are part backup part publishing, aren't great applications of IPFS because your images are just hosted off your home internet connection. Power outage? No data. ISP issue? No data. Hardware failure? Hope you had a real backup. Basically, why would I choose IPFS, which is in this case equivalent to self hosting, over flickr, instagram, etc?
While I haven't looked at the source code, I'm fairly certain ipfs.pics is uploading the photos to their servers as well. It's effectively a Flickr-type site using IPFS as the backend, with the added benefit that the photos may still be available somewhere else if their servers disappear.
Note to self: Build an S3 backend/gateway/persistent-store-of-last-resort for ipfs.
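A minimal sketch of what that could look like, assuming a local IPFS gateway on its default port (8080) and boto3 for S3; the bucket name and the `mirror()` helper are made up for illustration:

```python
# Hypothetical "store of last resort": copy IPFS objects into an S3 bucket so
# they survive even if every IPFS node drops them. Assumes a local IPFS
# gateway on the default port 8080 and boto3 credentials configured in the
# environment; the bucket name is a placeholder.
import requests
import boto3

GATEWAY = "http://127.0.0.1:8080/ipfs/"
BUCKET = "my-ipfs-mirror"  # hypothetical bucket

s3 = boto3.client("s3")

def mirror(multihash: str) -> None:
    """Fetch an object from the local gateway and copy it to S3."""
    resp = requests.get(GATEWAY + multihash, timeout=60)
    resp.raise_for_status()
    # Key the object by multihash, so it can later be re-added to IPFS and
    # will produce the same content address.
    s3.put_object(Bucket=BUCKET, Key=multihash, Body=resp.content)

if __name__ == "__main__":
    mirror("QmTtmsSSTH5fMQ9fn9NRXWtcZXnBBazxR8fidXcE5KB76h")
```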
I suppose you could argue that nonvaluable content would justifiably vanish over time, but then it's not really a "Permanent Web."
Edit: Apparently I can't reply to your reply to this comment, but thanks for the link. I hadn't seen that.
I suppose `Content-Location` could be used as well, but I don't know how well browsers that don't understand the `ipfs:` scheme would react to that, although the spec doesn't preclude non-http schemes used in the URI.
It'd be an interesting experiment anyway, and could be a boon to adoption of a distributed system like IPFS.
To keep the data around, you need a third party to request it and then stay in the network.
Given that either the third party reliably remains in the network (e.g. the Internet Archive) or you can consistently get new third parties to request and cache the data, it will remain in the network. The latter does not seem particularly reliable to me, however.
Now as long as at least one device is up (and has the content), you can bring backups on-line easily. And as long as at least one server is connected to IPFS, other nodes can get the content, and in theory any spike in popularity will get distributed and cached "suitably".
An added bonus is that if you publish something like a controversial, but popular, political blog post/exposé, and some government throws you in a hole that officially doesn't exist -- your readers, if they're on IPFS, will maintain an active backup of your content by virtue of reading it.
This is a lot more convenient than someone having to explicitly spider it etc. (although a combination would probably work/be a good idea -- e.g. an IPFS "dmoz.org" where authors could register content index-pointers for others to spider/download into their IPFS nodes -- and index for search).
That said, I think systems of this nature are worth pursuing and perhaps IPFS itself can be improved for more general purpose use cases. For my part, I think it'd be awesome to be able to write some html, css, make some images, `ipfs add ~/website` and then be able to link anyone to my content and have reasonable guarantees of its existence for the rest of my life. I can host my own websites, but it's not a particularly enjoyable experience.
> This is a lot more convenient than someone having to explicitly spider it etc. (although a combination would probably work/be a good idea -- e.g. an IPFS "dmoz.org" where authors could register content index-pointers for others to spider/download into their IPFS nodes -- and index for search).
IIRC it's possible to follow announcements of new hashes on the network and retrieve them automatically. I picked this up from #ipfs on FN, I believe, so I'm not 100% sure about it. Doing that would make an IPFS search engine fairly robust (and interesting to build, actually).
I really want to build something like this, just haven't had the time to do so.
I'm not sure if forcing a full download of the whole file is a waste of bandwidth, or a clever way to force the person adding a file to the cache to at least perform some effort by "using" the same amount of incoming bandwidth as the cache nodes would have to on the back-end.
My initial thought was that such a system should allow "seeding" the cache by simply sending a HEAD or similar request...
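For what it's worth, the contrast is easy to see with two requests against a gateway. A rough sketch, assuming a local gateway on port 8080 and reusing the hash from the transcript above; whether a HEAD alone makes the node fetch and keep the whole object depends on the gateway implementation:

```python
# A HEAD costs the requester almost nothing; a full GET makes the requester
# spend roughly the same incoming bandwidth that the cache node spends
# fetching the object on the back-end. URL and hash are placeholders.
import requests

url = "http://127.0.0.1:8080/ipfs/QmTtmsSSTH5fMQ9fn9NRXWtcZXnBBazxR8fidXcE5KB76h"

# Cheap "please cache this" ping; whether the gateway actually fetches and
# keeps the whole object on a HEAD depends on its implementation.
head = requests.head(url, timeout=30)
print(head.status_code, head.headers.get("Content-Length"))

# Full download: the requester provably spends the bandwidth too.
body = requests.get(url, timeout=60).content
print(len(body), "bytes transferred")
```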
I consider this a feature, not a bug.
EDIT: I'd encourage the HN community to look past the technical merits of the code, and focus on the idea presented (and even perhaps fork and contribute back an improved version).
Attacker sends you a harmless-looking link to a page that contains some invisible JS that sends a request to localhost and pins child porn on your IPFS node.
Attacker then sends the police to you.
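To make the attack concrete: the request such a page would try to trigger looks roughly like the following (shown with Python requests rather than in-page JavaScript; port 5001 and /api/v0/pin/add are go-ipfs defaults, the hash is a placeholder, and whether a cross-origin call like this actually succeeds depends on the API's origin checks):

```python
# The kind of call a malicious page would aim at a local IPFS daemon's
# unauthenticated HTTP API. Hash is a placeholder.
import requests

bad_hash = "Qm...placeholder"
requests.post(
    "http://127.0.0.1:5001/api/v0/pin/add",
    params={"arg": bad_hash},
    timeout=10,
)
```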
That's a very big "if" right there. The same could be said for nearly every security flaw ever: if it were programmed correctly, it wouldn't be a security flaw. The reason people harp on prepared statements is not that you can't be secure without them, but that it's much easier to be secure with them. With one you have to think about escaping at every call site (do I need to escape here, do I not), while the other is almost completely secure against SQL injection by default.
Same thing with using system() vs execve(). One is a minefield of quoting issues, the other has none.
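To make the contrast concrete, a minimal sketch (Python standing in for whatever language the application actually uses; the table and filename are made up for illustration):

```python
# "Secure by default" vs "secure only if you remember to escape".
import sqlite3
import subprocess

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT)")

name = "Robert'); DROP TABLE users;--"   # hostile input

# Prepared/parameterized statement: the driver keeps SQL and data separate,
# so there is nothing to escape and nothing to forget.
conn.execute("INSERT INTO users (name) VALUES (?)", (name,))

# String building: only safe if you escape correctly, at every call site, forever.
# conn.executescript("INSERT INTO users (name) VALUES ('%s')" % name)   # injectable

# Same idea for processes.
filename = "photo with spaces; echo pwned.png"
# system()-style strings pass through a shell and inherit its quoting pitfalls:
# subprocess.run("ls -l " + filename, shell=True)                       # minefield
# execve()-style argument lists have no quoting to get wrong:
subprocess.run(["ls", "-l", filename], check=False)  # passed verbatim, never parsed by a shell
```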
Or multi-arg system(), like in Perl or Ruby.
It's really easy to program them incorrectly, and as a result the approach is less secure than just using prepared statements.
There does seem to be a "cargo cult" attitude to PHP amongst a large part of the tech sector.
I just think that languages like C and especially C++ do not get their fair share of the laughter that PHP gets.
PHP adds complexity and therefore adds fragility and insecurity. Running PHP ipso facto adds insecurity to an environment.
There are many ways to do web programming that do not add server daemons or listening ports, or long running processes, or additional logins, passwords and management interfaces.
The difference here is that the content you're opting in to rehosting is sitting in cleartext on your machine. So it's not blind, per se; you can delete (un-rehost) whatever you don't want to be there, or run a nudity detection algorithm (yes, those exist) to automatically prevent re-hosting of any porn, etc.
Edit: I stand corrected. But still not easy, I think.
It's only hard if you don't know the content. Freenet uses Content Hash Keying, where the file is hashed and the hash is used as the encryption key (so only people who either know the hash or have the file can request it).
If you have a list of cleartext files or hashes, it's not very hard to check if those are hosted on your node.
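Roughly, the idea is convergent encryption: the key is derived from the cleartext, so anyone holding the same file derives the same key, produces the same encrypted block, and can check whether their node stores it. A simplified sketch of that idea, not Freenet's exact CHK construction:

```python
# Simplified "content hash as key" sketch: deterministic encryption means the
# same cleartext always yields the same ciphertext and the same block ID, so a
# node operator with a list of known cleartexts can check what they host.
import hashlib

def derive_key(cleartext: bytes) -> bytes:
    return hashlib.sha256(cleartext).digest()

def encrypt(cleartext: bytes) -> bytes:
    # Toy XOR keystream for illustration only; a real system would use a
    # proper cipher (e.g. AES) keyed with derive_key(cleartext).
    key = derive_key(cleartext)
    stream = b""
    counter = 0
    while len(stream) < len(cleartext):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(cleartext, stream))

def block_id(ciphertext: bytes) -> str:
    # What the network addresses: a hash of the *encrypted* block.
    return hashlib.sha256(ciphertext).hexdigest()

# Check a node's store against a list of known cleartext files:
known_bad = [b"some file I do not want to host"]
bad_ids = {block_id(encrypt(c)) for c in known_bad}
stored = {block_id(encrypt(b"some other file"))}
print(stored & bad_ids)   # empty set: none of the known files are stored
```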
That brings up an important point, though: you can make your system partially decentralized, and gain many of the benefits of a totally centralized system with a fraction of the complexity.
That some/many organizations tend to centralize parts of their Git workflows doesn't mean that Git itself is inherently centralized.
A Sybil attack can be seen as either a censorship problem or a trust problem. As long as you are careful how you add new members, such a system wouldn't be at all vulnerable to a Sybil attack.
It's more difficult to keep them clear of spam, but hardly impossible. You can run spam detection on every client. You can require some obstacle to posting content (proof of work, or maybe payment of 10 or so microbitcoin). Most effectively, you can design your systems to allow for distributed moderation.
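The proof-of-work obstacle in particular is easy to sketch, hashcash-style; the difficulty and message format below are made up for illustration:

```python
# Hashcash-style proof-of-work as a posting obstacle: the client must find a
# nonce whose hash over (message + nonce) has a required number of leading
# zero bits before its post is accepted.
import hashlib
from itertools import count

DIFFICULTY_BITS = 16  # ~65k hash attempts on average: cheap for one post, costly for spam floods

def pow_ok(message: bytes, nonce: int) -> bool:
    digest = hashlib.sha256(message + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0

def mint(message: bytes) -> int:
    """Client side: burn CPU until a valid nonce is found."""
    for nonce in count():
        if pow_ok(message, nonce):
            return nonce

# Verification is a single hash, so every client can cheaply reject posts
# that skipped the work.
msg = b"hello, distributed forum"
nonce = mint(msg)
print(nonce, pow_ok(msg, nonce))
```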
Even if they somehow figured out how to scale decentralized systems and keep them reasonably spam-free, they wouldn't want them.
This is certainly untrue, but it would be interesting to know what reasonable conditions would need to be true for an IPFS file to become unavailable.
Maybe it would have been better if the images were stored encrypted in some manner, and decrypted on the client.
However I applaud the initiative and newness of this!
I've been looking into developing distributed client-side apps for IPFS, and it would be great if we could just tap into the native IPFS DHT rather than having to depend on a separate IP-based DHT for peer discovery in our apps.
IPFS is an interesting project and this is a pretty cool usage of it.
I don't understand why they are doing dumb things like passing everything to a shell when PHP has curl support of its own, and ImageMagick bindings.
Also it would be good to recognize the work done before shooting out "wrooooong license (for me)", especially when it is still licensed under a free software license.
I'd say yes. IMO there isn't a single thing you can do with an AGPL-licensed piece of SW that you cannot do with an MIT-licensed one; the other way around, there's quite a bit.
> Also it would be good to recognize the work done before shooting out "wrooooong license (for me)"
Sorry. Wasn't my intention, but I can clearly see it being read that way. I just wanted to point it out, as I personally don't like AGPL and wanted others to avoid the disappointment I had.
Sure there is. You can prevent others from imposing restrictions. If someone takes your non-copyleft software and uses it to build something that forbids people from knowing what's in it, how it works, or what it does with their data, then you are helpless to stop it.
IMO nobody can impose restrictions on your MIT-licensed code unless they can somehow threaten you and your users (think patents, law enforcement), in which case you have lost anyway.
They can reuse your MIT code and impose restrictions on their modified code, but we still have the free MIT code, which is way freer than AGPL, and we also have an additional proprietary option.
Edit: And if your worry is that they will use the code to create a commercial product with a slightly different file format etc., this is a standards issue, not an open source issue. Furthermore, if there isn't liberally licensed code available, they will just create their own broken/different version.
Summarized: I am fairly convinced that for many companies the alternative to using BSD/GPL/LGPL/MIT code isn't using AGPL code, but rather using a commercial solution or writing their own. Either way, this more or less guarantees you get no patches back to your open source project. AGPL is then just a way to make a statement.
Not to you, but to your users. If you don't care about your users' well-being, well...
> use the code to create a commercial product
I wish people who oppose the AGPL didn't see mistreating their customers as the only way of being commercial. There are several examples of commercial AGPL software.
Yes, hiding the source code and forbidding them from copying the source code is mistreating them. If you are not doing anything wrong, then why are you hiding the source code? When software is naturally copyable, why are you denying them this natural right?
> Either way, this more or less guarantees you get no patches back to your open source project
There are also plenty of examples of copylefted projects getting even more patches than corresponding non-copylefted projects. There's a popular kernel called Linux that is copylefted and gets tons of industry-backed patches. People have been using that bugbear for as long as copyleft has existed. Mailpile got that threat when it switched to AGPL-only and so far its contributions haven't slowed down.
They can still use my MIT-licensed code, which gives my users more rights than AGPL ever will.
> Yes, hiding the source code and forbidding them from copying the source code is mistreating them.
Now you are arguing against closed-source, not liberal open source licenses.
> There's a popular kernel called Linux that is copylefted and gets tons of industry-backed patches.
Note that you can use Linux on your server without announcing it to everyone who accesses it. Another reason patches get submitted is that the industry hopes their patches will be mainlined, so there will be less maintenance.
That said, GPL has worked well for the Linux kernel, possibly better than BSD. (I'm mostly arguing against AGPL.)
> Mailpile got that threat when it switched to AGPL-only and so far its contributions haven't slowed down.
Now that is interesting.
Non-copyleft licenses provide no protection against proprietary derivatives. If you have no objection to proprietary derivatives, then I think that's a weak stance to take. It means you don't care if your users can be given your software but without the rights that you intended them to have, because someone between you and your users can always take that right away.
While your users might come back to you to get the same software with the same rights you intended them to have, they might not be aware of this, or they might not want your software alone, but together with whatever else was built on top of it, which they cannot get under your original permissive terms anymore.