I'm a believer in this idea generally --- that we should replace applications built directly on IP/TCP with applications built on a content-addressed overlay network running on top of IP/TCP --- but I think the logic used here is faulty.
For instance: I'm not clear on how IPFS protects applications from DDOS. Systems like IPFS spread the load of delivering content, but applications themselves are intrinsically centralized.
> I'm not clear on how IPFS protects applications from DDOS. Systems like IPFS spread the load of delivering content, but applications themselves are intrinsically centralized.
Think about an application whose content is moving around entirely distributed by IPFS as well -- think of apps that run mostly on the client side, with signed (+ maybe encrypted) data generated on the users' browsers, with maybe a few "non-browser" nodes contributing to building indices or providing trusted oracles.
What we're talking about is a model for webapps in which not just the content, but the logic + processing is decentralized too. At one extreme are bitcoin/ethereum style applications, where everyone runs the same computation to verify it, and another extreme where everyone just computes on their own data + the data they care about, and sign all their updates.
How to do this well is not easy-- distributing the content is one part, another is making a really good capabilities library (Tahoe-LAFS has done an excellent job with this, for example, and e-rights has tons more great ideas). Another part still is thinking about the sync models with ephemeral nodes which create tons of small pieces of data, blast them out to content bouncers, and go offline. Building scalable real-time indices on this sort of stuff is going to be tricky :)
Another interesting area is thinking about how databases look once you do this-- think both NoSQL AND SQL models on top of IPFS. Yep, may sound crazy, but we have some preliminary work towards this (NoSQL is easy, SQL is less easy, but very doable! -- after all a database is just a good datastructure and good algorithms for operating on it).
Happy to write more about this, it's a super interesting model we're exploring.
Not tptacek, but could you give a bit more on the contrast between Ethereum and IPFS? Also, what is your "version" of DNS? How can I map a human readable name to a file/connection and verify authenticity? Project looks awesome, checked it out briefly last time an article was posted. Excited! Thanks.
(1) Providing a long-term reliable mutable pointer. (no consensus needed)
(2) Providing a long-term reliable short and human-readable identifier. (consensus needed)
Where "long-term reliable" means I can rely on it for decades for important businesses. I.e. nobody will just take it from me by a fluke of the protocol.
IPNS, the naming system of IPFS, separates these into two steps:
(1) First, it makes a cryptographic name-system (this is based on SFS -- by David Mazières -- look it up, fantastic system and a prelude to the core design of IPFS, GNUnet, Freenet, Tahoe-LAFS and many other systems). This cryptographic name-system means a "name" is the hash of a public key ("eeew that's ugly"-- yes, hang on). That hash name can be updated only by the holder of a private key (how? via the DHT and other record distribution systems, more on that later). The important part is that it (a) does not require consensus at all, anybody can make names (it's just a key pair!), and (b) it can be updated really fast over DHT, Pub/sub (multicast) and other network distribution systems.
(2) Second, it delegates the human-readable naming to _other, existing_ name authorities (note that _stable global solutions_ to this problem require consensus). We don't want to have to make _our own_ naming authority, lots exist already: DNS, all the DNS alternate universes, and more recently in the cryptocurrency world: Namecoin, Onename, and even Ethereum is making one. So, _instead of adding one_, we just work with all of them, and integrate. You can bind an IPNS name (a public key path, like `/ipns/QmbBHw1Xx9pUpAbrVZUKTPL5Rsph5Q9GQhRvcWVBPFgGtC`) to a name in those authorities _once_, and never have to do it again. For example, with DNS you do this:
1. Set up a DNS TXT record like: `dnslink=/ipns/QmbBHw1Xx9pUpAbrVZUKTPL5Rsph5Q9GQhRvcWVBPFgGtC`
2. Continue using `QmbBHw1Xx9pUpAbrVZUKTPL5Rsph5Q9GQhRvcWVBPFgGtC` as usual.
You'd have something similar with Ethereum, Onename, Namecoin and so on: you just link to the IPNS name once. Now you can use your private key to update that name whenever without paying the cost of going on the consensus network. And so, resolving an IPFS URL like:
(Note at time of this writing, /ipns/ipfs.io links directly from `/dns/ipfs.io -> /ipfs/QmcQBvKTP8R7p8DgLEtKuoeuz1BBbotGpmofEFBEYBfc97`, not through IPNS, as this is good enough to run a static website for now, and it makes it more robust as we experiment with lots of IPNS things).
One more thing: resolving names via local-names and paths (i.e. a web of trust, using either SDSI style naming, or SFS's much nicer path version) is entirely possible and averts the requirement of consensus for meaningful human names. This is really useful and cool, and we will experiment with it in the future. But in general, this doesn't (IMO) give you the ability to do "global long-term reliable" names, as "jbenet" might mean something different to different segments of the network, so I couldn't _print_ the words "yeah, just go to `/jbenet/cool-site`" on _paper_, because there would be no global consensus for `/jbenet` and I would like to make sure all my references are viewable by anyone across space and time.
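The two-step naming scheme described in the comment above, as an added example that is not part of the original thread or IPFS's own code: a resolver-side check that a signed record belongs to a self-certifying name, plus parsing of the `dnslink=` TXT value. It assumes a simplified record (hex SHA-256 of the public key as the name, Ed25519 signature over a sequence number and path) rather than the real IPNS wire format; `nameOf`, `publish`, `verify`, `parseDnslink` and the `EXAMPLE-` paths are hypothetical.

```javascript
// Simplified model of a self-certifying, IPNS-style name (an assumption, not
// the real IPNS record format): name = hex SHA-256 of the DER public key.
const crypto = require('node:crypto');

const nameOf = (pubDer) => crypto.createHash('sha256').update(pubDer).digest('hex');
// Bytes covered by the signature: sequence number plus target path.
const payload = (seq, value) => Buffer.from(JSON.stringify([seq, value]));

// Only the private-key holder can produce a record that verifies.
function publish(keys, seq, value) {
  const pubDer = keys.publicKey.export({ type: 'spki', format: 'der' });
  const sig = crypto.sign(null, payload(seq, value), keys.privateKey);
  return { pubDer, seq, value, sig };
}

// Resolver-side check. `lastSeq` is the highest sequence already accepted
// for this name, so an old but validly signed record cannot be replayed.
function verify(name, rec, lastSeq = -1) {
  if (nameOf(rec.pubDer) !== name) return 'key-does-not-match-name';
  const pub = crypto.createPublicKey({ key: rec.pubDer, type: 'spki', format: 'der' });
  if (!crypto.verify(null, payload(rec.seq, rec.value), pub, rec.sig)) return 'bad-signature';
  if (rec.seq <= lastSeq) return 'stale-record';
  return 'ok';
}

// Extract the path from a DNS TXT value of the form shown in the comment.
function parseDnslink(txt) {
  const m = /^dnslink=(\/(?:ipns|ipfs)\/[A-Za-z0-9.-]+)$/.exec(txt.trim());
  return m ? m[1] : null;
}

// Constructed demo data: two fresh key pairs and made-up content paths.
function demo() {
  const owner = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const name = nameOf(owner.publicKey.export({ type: 'spki', format: 'der' }));
  const v1 = publish(owner, 1, '/ipfs/EXAMPLE-CONTENT-V1');
  const v2 = publish(owner, 2, '/ipfs/EXAMPLE-CONTENT-V2');
  const forged = publish(other, 3, '/ipfs/EXAMPLE-OTHER');
  const tampered = { ...v2, value: '/ipfs/EXAMPLE-OTHER' };
  return {
    link: parseDnslink(`dnslink=/ipns/${name}`), name,
    update: verify(name, v2, v1.seq),
    replay: verify(name, v1, v2.seq),
    forged: verify(name, forged, v2.seq),
    tampered: verify(name, tampered, v1.seq),
  };
}
console.log(demo());
```

The DNS binding is written once and only carries the name; every later update is accepted or rejected purely on the key hash, the signature and the sequence number.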
Full SQL is much harder to implement, JOINs done well (read: fast) are tricky, constraints and so on as well. NoSQL is easier because it punts on all the hard database problems and leaves it up to the application layer.
I totally agree. Leaving aside the granular details in the article, this is the future. Bitcoin protocol, ethereum, ipfs, openbazaar, bittorrent etc are the blocks that content will be rebuilt on. The SAFEnetwork is a cool project as well. Someone needs to hash whatever DNS becomes into the blockchain so there are no more CAs. This is all coming. Can't wait.