[ANN] Sia - Decentralized Storage

[Scalextrix]

Thanks for the replies, Im seeing this is an active community which is key for success.  I also would like to use Sia as archive, I use Amazon Glacier for that now but I think Sia could do that better/cheaper.
Sorry to be a fool, where is/how do I launch Sia as command line for Windows?
You gotta plug that security hole with the unlocked wallet, for now Ill keep my SC on one machine always locked and set the other as the one available for hosting.

What security hole are you talking about? We do recommend keeping most of your coins in a cold wallet (unplugged from the internet, and backed up in several places), and only keeping coins you need in the near future on an open machine.

v0.5.0 is aiming to make Sia a substantial improvement to Amazon Glacier. We're trying to work out all the kinks, and I think we've come a long way since v0.4.8.

You can drag-and-drop the 'siac' or 'siad' binary into a command prompt. The v0.4.8 binaries can be downloaded here: https://github.com/NebulousLabs/Sia/releases/tag/v0.4.8-beta

In v0.5.0 coming soon you will be able to set your own period. So, you could increase the default 6,000 blocks to something much higher.

That is incorrect. The big change is that files will automatically re-upload, meaning that they'll stay online so long as you continue running the daemon. For v0.5.0, files will go up for 4 weeks by default and renew when there are 2 weeks left. The numbers are small so we can see how the hosts + renters behave on a short timescale in a live environment before switching to bigger file contracts. For v1.0, I think the upload time will be 6 months (26 weeks), renewing when there are 12 weeks remaining. We will probably add customizability to those numbers, but those customizations are not ready for v0.5.0.

I thought there was no debate, leaving the hosting wallet permanently unlocked is a risk to the extent a non-authorized actor  can operate core functios of the wallet.  Whether I keep 0.0000001 or 1,000,000 SC in there, there is a risk.  Sorry if my chioce of words was poor, no offence intended, but if Im going to use Sia to store my files, host for others I dont want to be shuttling funds away/back to a cold wallet all the time.

[1715015610]

1715015610

[1715015610]

1715015610

[1715015610]

1715015610

[1715015610]

1715015610

[Taek]

In v0.5.0 coming soon you will be able to set your own period. So, you could increase the default 6,000 blocks to something much higher.

That is incorrect. The big change is that files will automatically re-upload, meaning that they'll stay online so long as you continue running the daemon. For v0.5.0, files will go up for 4 weeks by default and renew when there are 2 weeks left. The numbers are small so we can see how the hosts + renters behave on a short timescale in a live environment before switching to bigger file contracts. For v1.0, I think the upload time will be 6 months (26 weeks), renewing when there are 12 weeks remaining. We will probably add customizability to those numbers, but those customizations are not ready for v0.5.0.

In that case you should update your v0.5.0 API documentation. In the section /renter/upload/{siapath} [POST] it states:

Code:

'duration' is the number of blocks for which the file will be available. If the renew parameter is true, this parameter will be ignored.

Source: https://github.com/NebulousLabs/Sia/blob/master/doc/API.md

My interpretation was that 'duration' therefore is customizable to any number of blocks.

oh. Technically, you can edit the duration, but if you pick a duration that's too long, hosts will reject all of your file contracts. I think the hosts are set to max out at 8 weeks by default. It might be 12, but especially while the number of total hosts is low, it's probably better not to play with that number.

I thought there was no debate, leaving the hosting wallet permanently unlocked is a risk to the extent a non-authorized actor  can operate core functios of the wallet.  Whether I keep 0.0000001 or 1,000,000 SC in there, there is a risk.  Sorry if my chioce of words was poor, no offence intended, but if Im going to use Sia to store my files, host for others I dont want to be shuttling funds away/back to a cold wallet all the time.

A non-authorized actor can operate the core functions of the wallet only if malware has access to the machine. For the most part, it's not a concern. The feature was added for high-priority targets like Poloniex, and wasn't really aimed at everyday users. The host, especially further in the future, is going to need to be able to spend funds out of the wallet, and therefore must have access to the wallet's keys. (the host will need to put up collateral to get file contracts - collateral is important to the security model).

--------

New release candidates are ready. This means that they might be buggy, so use with caution. It is believed that all components work, including the miner.

[Scalextrix]

Another feature users might like is to be able to set the Hosting Price in line with the competitive average.
I see the 'Estimated competitive price' continuously fluctuating (I assume based on the network available storage and user rates), it would be good to set a +/- variance against this open market rate, so if Im new and want to pick up contracts quickly I can set 'recommended market -5%', or if Im established set 'recommended market', or if perhaps I want to shrink my storage (without dumping all my contracts) set 'recommended market +5%'.  I suppose in the early days like we are now, you need an absolute minimum, or everyone sets a percentage and the bottom falls out, perhaps the minimum hosting price should still remain.

This also saves me missing out on lucrative contracts if market conditions means space becomes short (Im not undercharging), and ensures I can pick up contracts if there is spare capacity (Im not overcharging).

[Fern]

I'm new to SIA and getting an idea of how the project is going.

Is there a good vibe in the camp at the moment? How is the project coming along?

Thanks

[NASdaq]

What response (if any) do the sia devs have to this claim? Follow the provably scams link for his analysis.

@TPTB, what do you make of Sia tech for decentralised cloud storage? They're more advanced than either of Storj and Maidsafe, as they've already launched a live beta version.

https://bitcointalk.org/index.php?topic=1060294.0

Storj, Maidsafe, Sia, and Permacoin (and any other decentralized file system that pays to store a file instead of only paying to serve the file) are all provably scams.

He seems to be saying (among many other criticisms) that the economics of decentralised cloud storage systems can't work, and storage providers will end up using dedicated servers and smaller opertions will get shut down by their ISP's. He's a wacky guy, but not a light weight thinker. Does he have a point?

[akaman]

Storj, Maidsafe, Sia, and Permacoin (and any other decentralized file system that pays to store a file instead of only paying to serve the file) are all provably scams.

He seems to be saying (among many other criticisms) that the economics of decentralised cloud storage systems can't work, and storage providers will end up using dedicated servers and smaller opertions will get shut down by their ISP's. He's a wacky guy, but not a light weight thinker. Does he have a point?

No, he doesn't have a point, because he made no point.

I am not a Sia dev but it is hard to take his comments seriously. He makes some hand-waving claims that Sia is prone to Sybil attacks, without proper analysis of how. He then concludes that Sia is therefore a provable scam, which demonstrates that he is incapable of logical deduction. For me, taking anything else in his post serious is therefore an impossibility.

In order to make these claims, you need some demonstrable proof of your assertions. I am not saying a Sybil attack can't be done, but I disagree with simply taking it for granted.

He moves on to some legal justifications for why Sia will be limited to ISP user clients which are simply not true. There is no reason why a commercial entity could not provide storage on the Sia network, even if they host illegal content, as long as they take steps to remove illegal content and block nefarious users. Dropbox does it. Google does it. Why can't Sia storage providers? Just because there is no central authority, that does not mean there can't be policing and enforcement of the rule of law.

[PondSea]

Do we have a wallet that will hold siafunds yet?

I am on version 3.3 still (havent opened it for a few months)

v0.5.0 has support for siafunds in the GUI

Is there a particular process for me to upgrade?

[akaman]

Do we have a wallet that will hold siafunds yet?

I am on version 3.3 still (havent opened it for a few months)

v0.5.0 has support for siafunds in the GUI

Is there a particular process for me to upgrade?

I would hang on for a couple of days until the official 0.5.0 version is released. The available version is a Release Candidate that is rather buggy.

[NASdaq]

Storj, Maidsafe, Sia, and Permacoin (and any other decentralized file system that pays to store a file instead of only paying to serve the file) are all provably scams.

He seems to be saying (among many other criticisms) that the economics of decentralised cloud storage systems can't work, and storage providers will end up using dedicated servers and smaller opertions will get shut down by their ISP's. He's a wacky guy, but not a light weight thinker. Does he have a point?

No, he doesn't have a point, because he made no point.

I am not a Sia dev but it is hard to take his comments seriously. He makes some hand-waving claims that Sia is prone to Sybil attacks, without proper analysis of how. He then concludes that Sia is therefore a provable scam, which demonstrates that he is incapable of logical deduction. For me, taking anything else in his post serious is therefore an impossibility.

In order to make these claims, you need some demonstrable proof of your assertions. I am not saying a Sybil attack can't be done, but I disagree with simply taking it for granted.

He moves on to some legal justifications for why Sia will be limited to ISP user clients which are simply not true. There is no reason why a commercial entity could not provide storage on the Sia network, even if they host illegal content, as long as they take steps to remove illegal content and block nefarious users. Dropbox does it. Google does it. Why can't Sia storage providers? Just because there is no central authority, that does not mean there can't be policing and enforcement of the rule of law.

TPTB is a known conspiracy theorist, but I'm still not convinced he isn't raising an important issue here, not just for Sia, but for all P2P decentralised economic activity that *might* take place over the internet in the new knowledge age economy. His points about the differentiated treatment of upload vs download capacity, and net neutrality, and how they both effect the economics of ISP's, and therefore the governments ability to 'tax' the middle man in the knowledge economy sort of makes sense to me, but I can't grasp the full picture in my mind yet.

I like Sia coz it offers the chance to run a small independent business without any intermediaries in between, but if a large chunk of the knowledge economy follows this pattern, then people can avoid taxes easily, and ISP's will want a cut of the profits (similar to how some ISP's argue for a cut of Netflix $$), so wont there be a 'reaction' from both (ISP's & gov)? I can see they would both want to differentiate between commercial & non-commercial internet traffic eventually.

[Taek]

Another feature users might like is to be able to set the Hosting Price in line with the competitive average.
I see the 'Estimated competitive price' continuously fluctuating (I assume based on the network available storage and user rates), it would be good to set a +/- variance against this open market rate, so if Im new and want to pick up contracts quickly I can set 'recommended market -5%', or if Im established set 'recommended market', or if perhaps I want to shrink my storage (without dumping all my contracts) set 'recommended market +5%'.  I suppose in the early days like we are now, you need an absolute minimum, or everyone sets a percentage and the bottom falls out, perhaps the minimum hosting price should still remain.

This also saves me missing out on lucrative contracts if market conditions means space becomes short (Im not undercharging), and ensures I can pick up contracts if there is spare capacity (Im not overcharging).

We have plans to support algorithmic adjustments to the host price, depending on a variety of configurable inputs. We expect that, in the long term, hosts will have a large number of tools to help them set the price. More flexibility will be provided as the product continues to mature. For the time being, other features are taking priority.

What response (if any) do the sia devs have to this claim? Follow the provably scams link for his analysis.

@TPTB, what do you make of Sia tech for decentralised cloud storage? They're more advanced than either of Storj and Maidsafe, as they've already launched a live beta version.

https://bitcointalk.org/index.php?topic=1060294.0

Storj, Maidsafe, Sia, and Permacoin (and any other decentralized file system that pays to store a file instead of only paying to serve the file) are all provably scams.

He seems to be saying (among many other criticisms) that the economics of decentralised cloud storage systems can't work, and storage providers will end up using dedicated servers and smaller opertions will get shut down by their ISP's. He's a wacky guy, but not a light weight thinker. Does he have a point?

He makes a few valid points about the potential pitfalls of building systems like Sia. Sia has either already addresses most of these problems, or has plans to address them in the near future. I don't want to do as much as point-by-point, but I'll address the big things that stood out to me. If there's something else in his post you would like addressed, let me know and I'll go into more depth.

1. Sybil Attack

This is probably the biggest thing we haven't fully addressed. While we do some IP address gating to help minimize the Sybil attack, we're not doing as much as we could be. Storj requires everyone to have 10,000 Storjx coins, which is not a bad defense mechanism. You can also use web-of-trust style barriers-to-entry, or use trusted whitelists to fill out a large portion of your hosts.

We have not worried about it too much up to this point because it's both annoying to execute and the payoff is very tiny, at least while the network is small. We will have stronger defenses in v1.0. We are planning on introducing a 'burn' that hosts can participate in to be put on a priority list, from which renters will be drawing a large number of their hosts.

Ultimately, the way you fight a Sybil attack is by making identity expensive. In Bitcoin, a Sybil attack is fought using POW. To submit a new block, you need a massive amount of hashing power. Sia takes a similar approach. To make an identity, you must demonstrate expense. Expense can come in many forms. The simplest is burning some volume of coins, which I think we're going to call 'cryptographic advertising' or something similar. Another form of expense is owning an IPv4 address. While it's not that expensive, most people already have 1, which means you can costlessly give power to legitimate users while adding expense to Sybil users. Unfortunately, there are not many costless things that we can leverage to prevent Sybil attacks, which is why we are probably going to resort to cryptographic advertising (also called proof-of-burn).

2. Deduplication Attack

An attack was mentioned where you can't be certain about the redundancy of your file. Maybe all of the redundant copies are lies? This is an actual attack, and I usually call it a deduplication attack. If you upload a bunch of redundant pieces such that anyone on the network can repair them, then one person can gather a single copy and pretend to store at maximum redundancy, receiving pay for lots of storage that they actually aren't participating in. Sia prevents this by encrypting each piece separately, using a random key. This completely stops the deduplication attack, but has a tradeoff: only the uploader can repair the file if pieces start to go offline.

Sia's reliability is very good, however. Even if you are only logging in every few weeks, there should be no issues with uptime. And eventually, we might be able to implement a pass-the-hat type of protocol that allows for files to be refreshed for as long as there is money. (though, that would require a soft-fork).

3. ISP issues & legality

We've gone over this a few times, and there are some threads dedicated to it at https://forum.sia.tech, but the quick version is that it's legal for hosts to accept random files from strangers, even if they are illegal files. If the host is caught with an illegal file, they are required to remove it within a certain period of time (usually 24 hours). Sia v0.5.0 (recently completed, though we haven't finished updating all the links yet) has support already for complying with these types of requests, though no host has ever been asked to remove a file thus far.

[Scalextrix]

Storj, Maidsafe, Sia, and Permacoin (and any other decentralized file system that pays to store a file instead of only paying to serve the file) are all provably scams.

He seems to be saying (among many other criticisms) that the economics of decentralised cloud storage systems can't work, and storage providers will end up using dedicated servers and smaller opertions will get shut down by their ISP's. He's a wacky guy, but not a light weight thinker. Does he have a point?

No, he doesn't have a point, because he made no point.

I am not a Sia dev but it is hard to take his comments seriously. He makes some hand-waving claims that Sia is prone to Sybil attacks, without proper analysis of how. He then concludes that Sia is therefore a provable scam, which demonstrates that he is incapable of logical deduction. For me, taking anything else in his post serious is therefore an impossibility.

In order to make these claims, you need some demonstrable proof of your assertions. I am not saying a Sybil attack can't be done, but I disagree with simply taking it for granted.

He moves on to some legal justifications for why Sia will be limited to ISP user clients which are simply not true. There is no reason why a commercial entity could not provide storage on the Sia network, even if they host illegal content, as long as they take steps to remove illegal content and block nefarious users. Dropbox does it. Google does it. Why can't Sia storage providers? Just because there is no central authority, that does not mean there can't be policing and enforcement of the rule of law.

TPTB is a known conspiracy theorist, but I'm still not convinced he isn't raising an important issue here, not just for Sia, but for all P2P decentralised economic activity that *might* take place over the internet in the new knowledge age economy. His points about the differentiated treatment of upload vs download capacity, and net neutrality, and how they both effect the economics of ISP's, and therefore the governments ability to 'tax' the middle man in the knowledge economy sort of makes sense to me, but I can't grasp the full picture in my mind yet.

I like Sia coz it offers the chance to run a small independent business without any intermediaries in between, but if a large chunk of the knowledge economy follows this pattern, then people can avoid taxes easily, and ISP's will want a cut of the profits (similar to how some ISP's argue for a cut of Netflix $$), so wont there be a 'reaction' from both (ISP's & gov)? I can see they would both want to differentiate between commercial & non-commercial internet traffic eventually.

Set your business up in the EU we have net neutrality

[super3]

Another feature users might like is to be able to set the Hosting Price in line with the competitive average.
I see the 'Estimated competitive price' continuously fluctuating (I assume based on the network available storage and user rates), it would be good to set a +/- variance against this open market rate, so if Im new and want to pick up contracts quickly I can set 'recommended market -5%', or if Im established set 'recommended market', or if perhaps I want to shrink my storage (without dumping all my contracts) set 'recommended market +5%'.  I suppose in the early days like we are now, you need an absolute minimum, or everyone sets a percentage and the bottom falls out, perhaps the minimum hosting price should still remain.

This also saves me missing out on lucrative contracts if market conditions means space becomes short (Im not undercharging), and ensures I can pick up contracts if there is spare capacity (Im not overcharging).

We have plans to support algorithmic adjustments to the host price, depending on a variety of configurable inputs. We expect that, in the long term, hosts will have a large number of tools to help them set the price. More flexibility will be provided as the product continues to mature. For the time being, other features are taking priority.

What response (if any) do the sia devs have to this claim? Follow the provably scams link for his analysis.

@TPTB, what do you make of Sia tech for decentralised cloud storage? They're more advanced than either of Storj and Maidsafe, as they've already launched a live beta version.

https://bitcointalk.org/index.php?topic=1060294.0

Storj, Maidsafe, Sia, and Permacoin (and any other decentralized file system that pays to store a file instead of only paying to serve the file) are all provably scams.

He seems to be saying (among many other criticisms) that the economics of decentralised cloud storage systems can't work, and storage providers will end up using dedicated servers and smaller opertions will get shut down by their ISP's. He's a wacky guy, but not a light weight thinker. Does he have a point?

He makes a few valid points about the potential pitfalls of building systems like Sia. Sia has either already addresses most of these problems, or has plans to address them in the near future. I don't want to do as much as point-by-point, but I'll address the big things that stood out to me. If there's something else in his post you would like addressed, let me know and I'll go into more depth.

1. Sybil Attack

This is probably the biggest thing we haven't fully addressed. While we do some IP address gating to help minimize the Sybil attack, we're not doing as much as we could be. Storj requires everyone to have 10,000 Storjx coins, which is not a bad defense mechanism. You can also use web-of-trust style barriers-to-entry, or use trusted whitelists to fill out a large portion of your hosts.

We have not worried about it too much up to this point because it's both annoying to execute and the payoff is very tiny, at least while the network is small. We will have stronger defenses in v1.0. We are planning on introducing a 'burn' that hosts can participate in to be put on a priority list, from which renters will be drawing a large number of their hosts.

Ultimately, the way you fight a Sybil attack is by making identity expensive. In Bitcoin, a Sybil attack is fought using POW. To submit a new block, you need a massive amount of hashing power. Sia takes a similar approach. To make an identity, you must demonstrate expense. Expense can come in many forms. The simplest is burning some volume of coins, which I think we're going to call 'cryptographic advertising' or something similar. Another form of expense is owning an IPv4 address. While it's not that expensive, most people already have 1, which means you can costlessly give power to legitimate users while adding expense to Sybil users. Unfortunately, there are not many costless things that we can leverage to prevent Sybil attacks, which is why we are probably going to resort to cryptographic advertising (also called proof-of-burn).

2. Deduplication Attack

An attack was mentioned where you can't be certain about the redundancy of your file. Maybe all of the redundant copies are lies? This is an actual attack, and I usually call it a deduplication attack. If you upload a bunch of redundant pieces such that anyone on the network can repair them, then one person can gather a single copy and pretend to store at maximum redundancy, receiving pay for lots of storage that they actually aren't participating in. Sia prevents this by encrypting each piece separately, using a random key. This completely stops the deduplication attack, but has a tradeoff: only the uploader can repair the file if pieces start to go offline.

Sia's reliability is very good, however. Even if you are only logging in every few weeks, there should be no issues with uptime. And eventually, we might be able to implement a pass-the-hat type of protocol that allows for files to be refreshed for as long as there is money. (though, that would require a soft-fork).

3. ISP issues & legality

We've gone over this a few times, and there are some threads dedicated to it at https://forum.sia.tech, but the quick version is that it's legal for hosts to accept random files from strangers, even if they are illegal files. If the host is caught with an illegal file, they are required to remove it within a certain period of time (usually 24 hours). Sia v0.5.0 (recently completed, though we haven't finished updating all the links yet) has support already for complying with these types of requests, though no host has ever been asked to remove a file thus far.

If you wanted a more costless entry you could have new user's rewards go straight to burn or bond. That way there is no startup cost, but the attackers don't get rewarded until they can cover the damage they could cause. We will probably implement something like this on our system in the future, but with 2 PB on network, making it more costless would be bad for us.

[Scalextrix]

Hey so I have some contracts where I am playing the host, but no payments.  There is a 'to be earned' field too, but thats empty, I appear to be storing for free even though I set a rate of 1SC/GB/Month.
Is this an issue with the amount being stored is so small that it cant scale the payment calculation?

[X1235]

Which are the files that have to be archived for backup purposes? wallet.json and? Thank you for the help.

[akaman]

Which are the files that have to be archived for backup purposes? wallet.json and? Thank you for the help.

Primarily, yes. If you have many files uploaded through Sia, I would also back up the /renters directory occasionally since if you loose the .sia files you also loose access to your content on the cloud.

[4emily]

Currently running 0.4.4 and in the process of upgrading to 0.4.8, preparatory to the upgrade to v.0.5.0.

I've d/loaded Sia-v0.4.8-beta-darwin-amd64.zip (from https://github.com/NebulousLabs/Sia/releases/tag/v0.4.8-beta) but my Windows 7 OS claims the 'siac' and 'siad' files are unknown file types and ask me what program I want to use to open them with.

Any help much appreciated, as always

Thanks 

[akaman]

Currently running 0.4.4 and in the process of upgrading to 0.4.8, preparatory to the upgrade to v.0.5.0.

I've d/loaded Sia-v0.4.8-beta-darwin-amd64.zip (from https://github.com/NebulousLabs/Sia/releases/tag/v0.4.8-beta) but my Windows 7 OS claims the 'siac' and 'siad' files are unknown file types and ask me what program I want to use to open them with.

darwin is the zip for Mac. You want to download the Sia-v0.4.8-beta-windows-amd64.zip file.

[Taek]

Which are the files that have to be archived for backup purposes? wallet.json and? Thank you for the help.

You probably want to back up all of the folders and files in the Sia directory. Compatibility should mostly be preserved. One thing we're hoping to achieve with 1.0 is auto-updating, so that the upgrade from 0.5.x to 1.0 is the final upgrade you ever need to perform manually.

Currently running 0.4.4 and in the process of upgrading to 0.4.8, preparatory to the upgrade to v.0.5.0.

I've d/loaded Sia-v0.4.8-beta-darwin-amd64.zip (from https://github.com/NebulousLabs/Sia/releases/tag/v0.4.8-beta) but my Windows 7 OS claims the 'siac' and 'siad' files are unknown file types and ask me what program I want to use to open them with.

Any help much appreciated, as always

Thanks 

I'm not 100% certain, but I don't think that you need to upgrade from 044 to 048 before going to 051.

Also, 051 is approx. ready, should be done in under an hour. We thought it was done, but at the last minute we were seeing a weird UI bug. I'll make the announcement once we're happy that everything is reasonably smooth and ready to use.

[tranzactionezlive]

Guys i have two wallets mining - the block i found lately show up as transactions but no funds have been added to wallets. One of the wallets was new so it shows 2 transactions of blocks of yesterday but 0 balance and 0 pending.

Please advise.


So 1 block for one wallet, shows transactions but funds have not shown not even as pending and on another pc another wallet with 2 blocks that show transaction mined but the same - no balance , no pending.


I know we're still in BETA but please advise a way to recover these. PM works best.


Edit :

3 different wallets on 3 PC's mining, two of them have each 1 transaction that shows for 270000 mined but no funds arrived nor pending, the third one has two transactions in the same state, unexistent. The transactions appear in the wallet both the GUI and the command line one but funds are simply missing.



Also, please advise i am desperately trying to upgrade from 0.46 to 0.51 but i seem to be unable , first,  if i simply copy the wallet folder, the password works and wallet unlocks but i see no funds or transactions. Then, if i also copy the consensus.db folder and file, the command line wallet works showing all the transactions and the funds ( with the same problem as 0.46, missing the funds for the last 2 transactions ) however the GUI won't start, showing a blue 1 in the middle of the GUI and the error :ECONNREFUSED 127.0.0.1:9980.


Thanks

[Scalextrix]

Hey so I have some contracts where I am playing the host, but no payments.  There is a 'to be earned' field too, but thats empty, I appear to be storing for free even though I set a rate of 1SC/GB/Month.
Is this an issue with the amount being stored is so small that it cant scale the payment calculation?

upped the rate to 10SC/GB/Month and now I have 115 contracts and an amount of SC 'to be earned', kinda counter intuitive, but seems to work