Hacker News new | comments | ask | show | jobs | submit login
Show HN: ORC – Onion Routed Cloud (orc.network)
96 points by sp0rkyd0rky on July 8, 2017 | hide | past | web | favorite | 36 comments

Sorry I have not dug too deeply, but I have some questions.

1. Are there controls (i.e. proof-of-stake) to enforce equitable and lasting storage of your items on others' machines?

2. What is the consensus model for marking peers as bad actors?

3. What are the redundancy guarantees? That is, how many nodes store my data?

4. What is the "currency" of sorts that I must "pay" in order to store a certain amount? Amount of hard disk I contribute back?

5. Why was the AGPL chosen? Surely adoption by any means, commercial or otherwise, would be welcome in a system that has equitable sharing guarantees. Now if I want to implement your spec in my choice license, I can't even read your reference implementation.

Maybe some fodder for the FAQ. If not answered later, I'll peruse the whitepaper.

proof-of-retrievability, I imagine somewhat like what Storj, Sia and Filecoin do.

zcash is the currency.

This looks like the opposite of IPFS in terms of what gets stored on your computer if you are part of the network.

On IPFS, something gets on your computer only if you decide to let it, and there are blacklists to automatically keep off material you don't want.

On ORC, it seems that encrypted pieces of everything get stored, so you can wind up with all sorts of things you don't want, but on the other hand might be able to deny legal responsibility.

Well, in ORC you get paid for storing things, in IPFS you don't.

Another comparison would be FreeNet, also where you don't get paid anything, but you don't know what's on your particular hard drive either.

With FreeNet though, you can anonymously post and distribute content to others. I didn't see anything on the page or FAQ indicating if you could create a public key/link (like you can with Mega).

True, except with filecoin you get paid in IPFS.

Anyway, my comment wasn't meant as a total comparison, just focusing on one particular issue.

Based on what I'm reading here, it looks a lot like freenet. Does orc give any kind of privacy promises like it?

Yes, functionally it's like Freenet. But it's all done through Tor onion services, so participants can be at least somewhat anonymous. With Freenet, there is no anonymity, only "plausible deniability". Which in practice has ended up being pretty worthless by itself. Consider that guy in Philadelphia, who's rotting in prison for refusing to provide his FDE password. He claims to have forgotten it, but that's not working out so well.

Interesting, does anyone know how this is related to storj.io?

IIUC, this was a fork of storj created by a recently-former maintainer [1]. Strikes me as a great time to liquidate your SJCX (I just did).

[1] https://www.reddit.com/r/storj/comments/6llxpn/so_long_frien...

Yikes, there are a lot of grievances being aired in that thread. To clear up any confusion:

  Yes, I have forked my work on Storj and have given it to 
  Counterpoint to help raise some money to continue to develop 
  it. Please note that this project is not a competitor to 
  Storj as it is fully distributed, there is no business model 
  (because there are no bridges), and it is managed by a 501c3 
  Edit: see https://orc.network

I don't know the Storj project or this situation well, but the timeline of events I've gathered from reading those reddit comments is:

- You acquired some "pre-mine" tokens (apparently with no vesting)

- You pre-sold those tokens before the fundraiser

- You quit the company shortly after

- You then proceeded to slander the company on Reddit (something something "radical transparency")

- You then forked the company's project and started calling it your own. But it's not "competing" because you're using a 501c3 tied to an unrelated hackerspace in Georgia as an umbrella for its fundraising (possibly risking its tax-exempt status).

I think this is a fair question to ask given the circumstances: Is your goal here to create a great open source project, or to damage Storj?

Believe me, I understand how this looks. To answer your questions:

- Yes, early storj employees were given tokens on a schedule related to achieving certain milestones

- Yes, when I felt it was appropriate for my own future, I sold those tokens

- Yes, not long after I sold, I (and others) left

- No, my intent was not to slander, but simply to explain why I have disappeared from the community and why core development has slowed

- Yes I forked a free software project and our hackerspace is providing what's called a "comprehensive sponsorship" which in no way risks 501c3 status

My goal has always been to create a great project and never to harm Storj Labs. Though, admittedly, given the circumstances I understand how it might appear that way. Because of that, can we not turn this thread into what happened on Reddit?

Also I should clarify on the sale of the tokens. This was SJCX, it wasn't a premine, but that token had been trading for years and I held mine for well over a year. I never held any of the tokens that were part of the recent sale.

It looks like a bunch of their team was part of the Storj team previously - maybe a fork of Storj's core to be compatible with Onion vs Blockchain?

It looks like their website is also based on the same theme.

From a commented out paragraph: <!--<p> ORC is a non-profit free software project sponsored by <a href="https://counterpoint.info">Counterpoint Hackerspace</a>. It's team is composed of previous authors and contributors to <a href="https://bitcore.io">Bitcore</a>, <a href="https://storj.io">Storj</a>, <a href="https://ipfs.io">IPFS</a>, <a href="https://ethereum.org">Ethereum</a>, and <a href="https://z.cash">Zcash</a>. We are strong proponents of anonymity, decentralization, and community and we are building ORC to bring those qualities to the cloud. We are passionate about the work we've done but we <a href="https://www.generosity.com/fundraising/orc-distributed-anony... help</a> to continue hacking the planet! </p>-->

>maybe a fork of Storj's core to be compatible with Onion vs Blockchain?

That is the impression I get from the Storj and ORC faq's. They both are distributed storage networks with files split up in pieces and encrypted. Storj uses the blockchain to make files immutable, ORC uses tor hidden services and zcash to make the file owners anonymous and the servers hidden.

What is it? There's no explanation of what it is in the website, although there is a whitepaper, documentation, a tutorial and a description of the protocol.

From the whitepaper Abstract:

"A peer-to-peer cloud storage network implementing client-side encryption would allow users to transfer and share data without reliance on a third party storage provider. The removal of central controls would mitigate most traditional data failures and outages, as well as significantly increase security, privacy, and data control. Peer-to-peer networks are generally unfeasible for production storage systems, as data availability is a function of popularity, rather than utility. We propose a solution in the form of a challenge-response verification system coupled with direct payments. In this way we can periodically check data integrity, and offer rewards to peers maintaining data. We further propose that in order to secure such a system, participants must have complete anonymity in regard to both communication and payments."

Somewhat related: why every project out there that wants to appear as serious has to publish a "whitepaper", which is basically any gibberish you want in a PDF format?

(Not saying ORC is gibberish at all, but I do have seem the most simple and stupid ideas written in tech projects whitepapers over the last years.)

Why can't a project write all it wants in HTML pages, with links, clickable topics, separated pages, images, code snippets, examples etc., everything that could make it better to read and understand?

Because of the Bitcoin whitepaper, its prominence in the Bitcoin community (it's almost a Constitution), and people wanting to replicate that.

Because whitepapers look scientific and somewhat professional. At least enough to let people believe a given project is worth an ICO investment. (Not ORC, but still, guys c'mon just give us the information on a website)

It reminds me of the Kickstarter and Angellist video fad.

I think I was mistaken (but this should hint at the state of the landing page design), there is actually a simple explanation of what it is if you scroll:

"The ORC Project is a peer-to-peer network of computers that coordinate anonymously over Tor to allocate their unused hard disk capacity into a collective cloud. Developers can use the ORC network as an object storage platform in place of the popular cloud services offered by Amazon, Google, and Microsoft. Peers automatically pay each other based on storage used, bandwidth, and availability using the anonymous cryptocurrency Zcash for a fraction of the cost of using a traditional centralized cloud.

In the ORC network, files are encrypted on the user's computer, shredded into smaller chunks, and then stored on many different computers around the world. Redundancy is achieved through the use of erasure codes so that your data can always be recovered even in the event of large network outages. ORC is completely decentralized, meaning that no single company or organization has control of your data, only you!"

Sounds very much like Freenet...

Yeah, except it is all encrypted so only the person who owns the data can read it (unless of course they decide to make the key public), and you pay for the storage with zcash.

So basically it solves all Freenet problems?

Well, from what I understand, Freenet is a total darknet, with things like sites, email, discussion boards, and so on, whereas ORC is focused just on storage. In fact, ORC is riding on top of tor hidden services, which is also a total darknet.

Freenet is not a "total darknet". It is a key-value storage basically. You can have immutable or mutable keys for data, and with these two things you can implement chat, sites, email, whatever. Freenet email does not implement the same protocols the outworld email does, nor can it communicate with outside emails, but since you must access it through a special client (not through you normal email client) it works.

The web page says files are encrypted and then split into chunks that are stored around the network, and then reassembled when you want to access your file. That sounds like no one could alter your file.

The webpage also says, "Redundancy is achieved through the use of erasure codes so that your data can always be recovered even in the event of large network outages."

Does this means files can't be lost, as long as you keep paying your bill?

>The webpage also says, "Redundancy is achieved through the use of erasure codes so that your data can always be recovered even in the event of large network outages."

>Does this means files can't be lost, as long as you keep paying your bill?

The white-paper mentions:

>"ORC will soon implement client-side Reed-Solomon erasure coding (Plank (1996)). Erasure coding algorithms break a file into k shards, and programmatically create m parity shards, giving a total of k + m = n shards".

So at first glance its seems like the usenet parchive/PAR2 redundancy methodology, but storing the parity shards locally (client side). Well that's my interpretation of this section of the white-paper anyways.

So in short: it certainly doesn't mean that the files "can't be lost", but it means the owner of the files can rebuild the files using parity shards from client side in that case that network outages affect file availability.

This sounds interesting and got me thinking, i have some high bandwidth storage just sitting around. However i the machine runs on a skylake pentium and docker seems overkill. Is there anything like this that works without docker?

It's not required to run in docker, just there for ease of setup. Check out https://orcproject.github.io/orc/tutorial-install.html

Nice. Seems there is a error tho:

    npm install -g @orcproject/orc
only works as:

    npm install -g orcproject/orc

Oo! Sorry hasn't been published to npm yet, still prepping for beta. Try `npm install orcproject/orc` to get the latest from master branch on github.

Aanndd just saw you did that already.

Is this viral marketing for Silicon Valley?

Mostly kidding, but really, this is pretty close to "Pied Piper" isn't it?

I wonder how much storage would cost? I found Amazon's cloud storage surprisingly affordable. It doesn't seem like it would add so much cost just to run it through a TOR network.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact