I only see here yet another key value store with an application programming interfaces that resembles the typical filesystem operations, but it is only accessible within a programming framework.
I know it is not finished but the flaws I see at the moment are completely fundamental: it aims to be general purpose, not unix compliant, not mountable, not language or truly operating system agnostic and in conclusion does not permit leverage existing filesystem tools such as mount/find/grep/sshfs etc... not to speak about support for multiple processes, users, time validations...
I wish you all the luck in the world as pet project (really! especially since filesystems are quite hard to get mature and stable) but I hope it never succeeds as a serious alternative to filesystems, because that could be worse than mongodb to rdbms.
Now trying to be constructive: there is value in the concept of runtime embeddable file systems. Why don't reframe the project as a key-value store which is embeddable within applications and mountable? (for example via fuse so you can even mount it mac/linux/others). Even if it is mountable only as RO that could bring several advantages over existing key-value-stores and advanced filesystems which are not embeddable.
Again, impressive work, good luck.
EDIT: the way you store data is also a great discussion topic... who is interested in so many possible ways to store the information anyway? that mostly depends on the requirements of the consuming application... for example if you target users which want to have a file-system-alike embedded runtime, why they would like to use this project if they have access to advanced unix compliant filesystems which support encryption and RAID and advanced tools out of the box?
For single process crypto storage I'd sooner use a crypto shim for SQLite, I don't know if there's any good one available out there (besides the one sold by the SQLite devs).
One of the major goals of this project is to keep app files private, which means exposure surface must be as minimal as possible. To this end, it intentionally does not support mount/FUSE or other mechanisms which can 'share' access across processes. Zbox doesn't allow multiple processes access, even those processes are under same user account.
For your question why not make it an embeddable key-value store. I think, IMHO, file store is more generic. We have VERY long history using file system, it is the base of every OS, it has solid API, every language provide similar access interface, everybody familiar with how to talk with file system. For Zbox it also provides similar API to Rust's file system API, that will make most developers much easier to adopt it.
>We have VERY long history using file system, it is the base of every OS, it has solid API, every language provide similar access interface, everybody familiar with how to talk with file system.
I agree, but then you don't really do that, do you? Merely mimicking the Rust fs API is not enough to call your project a "filesystem" in my opinion. It's actually probably the least of my concerns when it comes to using a filesystem.
On the other hand not being able to use the familiar "cd", "grep", "cp", "mv" and "cat" the contents of this so-called filesystem means that it's really not that familiar at all.
I'm not sure I see the point of the "minimal attack surface", you can create private fuse mounts that can't be accessed by other UIDs. And if you're worried about same-UID compromised programs snooping around then it's game over anyway. That smells a bit like FUD to me.
For Zbox, it is just like a kernel module but runs inside application memory space. To interact with it, you have to use a set of 'standard' API, in kernel that is VFS, in Zbox that is Rust's fs API (not exact same, but similar).
IMO if you can't do this you don't have a filesystem, you have a database with filesystem semantics.
Anyway, by now anybody reading this discussion will have made up their mind so let's leave it at that. And good luck with your project nonetheless, semantics aside it's rather impressive.
>The reason why I am using it is mainly for marketing purpose.
>I am going to change the term to zero leakage, what do you
The author may change it to Uber Super Duper The Best of The Filesystems in the entire Observable and the non observable parallel universes, makes more sense.
- Where exactly does "zero-knowledge" play a role here? Does this provide steganography? Or, what is meant?
- Why do they use libsodium (excellent choice, but C) instead of a native Rust crypto library?
- Does this only work with Rust applications?
As I said in https://github.com/zboxfs/zbox/issues/4, this term was originally for marketing purpose. It means no data or metadata can be leaked to underlying storage, so for an outsider there no knowledge about its content. But it turns out many people think it is misleading to zero knowledge proof in cryptography, so I have already changed it "zero-details".
libsodium is a great library, it is fast, sophisticated, mature and has some advanced crypto features I like, such as Argon2 hash and AES nonce extension. I know there are some Rust crypto libraries are great, but overall it is still young and need improvement.
- Does this only work with Rust applications?
Yes, for now only Rust. But I am considering add FFI interface so it can be used by other languages.
I am not talking about some github repo in some dudes repository which contributes to it in his spare time.
That said, https://crates.io/crates/ring is what most people suggest you should reach for: it's a slow and steady port of BoringSSL's code to Rust + asm. Of course, that only has a subset of crypto; there's other great projects too, the tor people have been putting out crates like https://github.com/isislovecruft/curve25519-dalek
Also, does it really make sense to create a separate crate for every crypto primitive (or small set of primitives)? This has so many obvious disadvantages compared to the "libsodium approach".
I'm not aware of anyone porting libsodium, though it's also not my area of specialty.
What's the alternative? That each individual developer has to pick and combine their favourite set of crypto libs, making crypto libs spread by popularity (which is more often than not a self-fulfilling prophecy) rather than actual quality.
Someone has given it an attempt: https://github.com/jmesmon/sodalite But the port doesn't seem to be too mature yet.
(Edit: For those not aware, Libsodium is based on a portable rewrite of NaCl.)
This is a little too close to how some real official crypto libraries are maintained. OpenSSL for example.
Currently using cryptomator for encrypting local directories under Linux. Works very well with Nemo (File Manager), browsers (I keep local html pages here..), gedit. Some apps don't like accessing the DAV-based links (geany), while others generally work will enough that I have long-term confidence (ZIM Desktop Wiki = issues only with moving pages around within ZIM itself).
I'm just imagining an operator trying to debug the system only to find out that he can't read any of the files from the terminal and will have to build custom programs using this library to operate with the data.
And it seems like there are API abstraction issues too... Imagine you use a library that writes some state to the file system using the standard lib. None of that data would end up encrypted because it didn't go through this library.
Whereas using the operating system's filesystem allows transparent compression and encryption without having to change your code at all.