This is an interesting application. I wonder how it deals with abuse (e.g., libellous content that needs to be removed), a DELETE operation added to the blockchain? (I guess the content still exists in the blockchain but not in the database)
Yes, SQL on blockchain is append-only. The SQLChain blocks can only be accessed with a granted private key. I think all public chains are facing the abuse problem.
Yes, you are right. But I really can not find a proper word to describe this project.
CovenantForum just stores all the data in CovenantSQL which is a database use blockchain to sync "binlog". CovenantForum also stores the pictures in database as blob.
User private OAuth token is stored in the cookie. Forum clients can share the same token and also use their own token. Same DSN(database serial num) indicates the same forum.
First, it's open source. so it's free technically.
And, as all the database miner node is distributed globally(not enought for now). By running a client you can visit the forum even from localhost, it's relatively hard to block the forum.
But using database hosted by miners need to pay PTC. You can get PTC by replying to the [topic](https://demo.covenantsql.io/forum/#/t/2) with your wallet address.
For a true decentralized forum, I would probably prefer https://www.scuttlebutt.nz/ .. the protocol seems nice and understandable, doesn't use block-chain, just distributed append-log, based on user white-lists, user/machine is identified by their pub-key and it works even on local network without access to the internet.
I played around with the git-ssb project that allows you to even host and collaborate on git repositories stored in the distributed log.
Only thing I don't really like is the reliance on the npm ecosystem, so I am waiting if they manage to finish a reimplementation of client and server in rust.
I heard about it already, but I think it has one major issue: the name is terrible. It is ugly, complicated, hard to say, has "butt" in it.
I would never see myself talking to friends about "secure scuttlebut".
I'm not a native speaker though, so maybe it makes sense for others.
Scuttlebutt has one big no-no for me:
It isn't possible to edit or delete a post, reply, or interaction. That means that you're sharing your complete history with everyone you connect to, without any control on the data. That's not how I personally want to deal with friends and other contact, and that's where the similitude with "real life" ends; nobody share their complete history of content with all their friends, and friends of their friends, when meeting in a pub.
That's a shame, I really like the focus on developing local contacts, and the project has some good ideas.
CovenantSQL uses a CA less protocol to distribute log.
To implement a decentralized system, I wrote a TLS like P2P net stack. The main idea is removing CA Cert from the whole system by using a DHT for Naming and Key Exchange. I am not a crypto expert, so if there's any flaw please point it out for me here or Github
I use an Elliptic Curve for asymmetric encryption
DH-RPC NodeID is generated by hash of Node PublicKey and an Uint256 Nonce:
I refer to S/Kad idea to define the number of consecutive 0s in front of the NodeID as difficulty and to impose a minimum limit on the difficulty of the NodeID allowed to be stored on the DHT. DHT is used to hold the NodeID:PublicKey NodeID:Addr map. NodeID and Nonce are sent to do ECDH getting shared secret after TCP connection established.
GenECDHSharedSecret(APub, BPriv) == GenECDHSharedSecret(BPub, APriv)
The main procedure is described as sequence chart: https://github.com/CovenantSQL/CovenantSQL/blob/develop/logo...
Because in the decentralized system NodeID is the URI, not "Bob/Alice.com". So anyone tries to fake NodeB by overwriting the address or public key on DHT without the private key of NodeB will be failed to get the correct shared secret.
This is nice, first time I hear about it. But I cannot find much info about it, where did you hear they are re-implementing the client / server in rust?
