►
From YouTube: IPFS Weekly Call May 27th, 2019
Description
newsletter: https://tinyletter.com/ipfsnewsletter
A
Hello,
everyone
and
welcome
to
the
ipfs
weekly
call.
This
call
where
we're
able
to
see
the
cool
stuff
that
people
are
doing
in
the
ipfs
community
and
today,
we'll
get
right
into
it.
I
am
Preston
from
Pierre.
Ecos
is
going
to
tell
us
about
his
project,
which
is
Yui,
p2p
storage,
so
we'll
learn
about
how
he's
using
IPS
and
learn
more
about
this
really
interesting
project,
so
we're
just
gonna
get
right
into
it,
and
I
am
Preston
or
dr.
Preston.
If
you
can
start
sharing
that'd
be
great.
A
B
B
Rio
is
your
data
secure?
Sadly,
for
most
people,
the
answer
is
no.
So
as
a
portraitist
and
I'm
going
to
introduce
you
to
ping
us
and
tell
you,
how
would
you
what
we
do
and
why
the
first
let
started
some
motivation.
So
what
do
we?
What
am
I
trying
to
do?
What
we're
trying
to
do
with
PMS
I
want
to
store
my
files
online,
but
without
Dropbox
being
able
to
read
them.
B
We
dig
a
little
deeper.
We
can
split
our
desires
into
three
main
categories.
The
first
one
is
security,
so
we
want
a
safe
login
and
also
that
means
was
a
lot
of
you
mean
in
a
decentralized
system,
strong
crypto,
ideally
post
quantum,
you
wanna
hide
file,
metadata
like
names
and
sizes
and
directory
structures,
and
we
want
to
be
independent
of
the
TLS
certificate
authorities
and
DNS.
B
B
We
don't
know
exploded
that
to
anyone,
not
even
the
service
provider,
but
I,
don't
mean
the
storage
program
and
we'll
treat
you
darkness,
so
no
need
to
put
in
a
phone
number
or
even
an
email
address.
And
finally,
if
you
want
anyone
to
actually
use
it,
it
has
to
be
convenient,
and
these
days
convenience
means
a
web
interface.
So
you
should
be
able
to
log
in
from
any
device
should
have
easy
file
syncing
across
devices.
You
should
be
able
to
publish
files
to
people
who
are
not
users
of
the
network
in
an
easy
way.
B
B
Idns
or
equivalent
to
it,
is
basically
mapping
from
public
key
to
a
hash.
We
use
I've
been
s
itself
yet
I
would
like
to,
and
the
only
other
thing
we
have
is
essentially
a
PKI
which
itself
stores
its
data
a
night
BFS
and
IP
NS,
and
so
a
peg
loss
server
talks
to
these
these
three
main
components
and
a
client.
It
goes
client
talks
to
a
peg
or
server,
and
the
only
only
data
is
outside
of
ipfs.
B
So
you
have
everything,
has
a
well-defined
path
and
your
file
system
has
a
tree
of
symmetric
keys,
now
use
tweet
NaCl,
and
we
have
cryptographic
links
between
these
keys
in
a
structure
called
crypto,
which
I'll
talk
more
about
in
a
second,
and
so
you
end
up
with
a
location
plus
a
key
is
cryptographic
access,
token
or
a
capability,
and
that
allows
you
to
do
something
like
read
a
file
or
read.
A
directory
will
write.
B
We
explicitly
done
use
converting
encryption,
because
that
leads
the
contents
of
your
files,
and
this
is
a
diagram
of
the
tree
structure
used.
You
can
see.
We've
got
a
directory
on
the
left,
a
subdirectory
in
the
middle
and
file
on
the
right,
so
each
box
is
a
symmetric
key
and
each
arrow
is
is
a
link
from
one
key
to
another
and
by
link
I
mean
it's
the
the
target
key
encrypted
with
the
source
key.
B
So
if
you
have
one
of
these
keys,
you
can
follow
links
from
that
key
around
the
diagram
and
drive
all
the
keys
and
so
yeah.
So
you
can
see
a
directory
has
two
keys:
a
base
key
and
a
parent
key.
The
base,
key
controls,
access
to
the
children
of
that
directory
and
the
parent
key
gives
you
access
to
two
things.
B
We
also
have
two
keys,
but
don't
files
don't
have
any
children
so
the
base
key
there
is
the
parent
key
and
the
other
key
is
the
donor
key,
which
is
used
to
encrypt
the
actual
data
and
similarly,
the
metadata,
which
has
more
things
now.
It's
like
file,
size
and
mime
type
and
so
on,
they're
all
encrypted
with
the
parent
key.
B
Now
this
this
is
the
treat
for
controlling,
read
access.
So
if
I
wanted
to
share
a
file
with
someone,
as
well
as
the
location
which
we'll
talk
about
later,
you
share
this.
This
parent
key
for
the
file
the
base
key
similarly
Pro
directory-
and
that
gives
you
access
to
the
entire
subtree
of
that
directory
with
just
the
one
to
one
key
and
location
and
the
corresponding
structure
to
this
for
right
access
looks
a
lot
simpler.
B
B
For
each
thing,
and
that
key
has
a
link
to
or
what
encrypts
the
the
key
pair
for
that
directory
or
file,
and
so,
if
someone
has
the
the
base
right
key
for
a
theme,
that
means
that
they
can
then
derive
the
key
pair,
and
that
key
pair
is
is
it's
effectively.
The
IPS
keep
their,
which
is
used
to
sign
modifications
to
do
two
thing,
and
so
that
means
that
they
can
then
modify
it.
B
So
we've
taken
the
view.
The
right
access
implies
read
access
that
the
trees
are
actually
independent,
but
you
only
ever
share
Y
access
will
read
access,
UNIX
doesn't
technically
do
that,
but
the
exceptions
done.
Don't
really
apply
to
the
files
they're
more
for
things
like
a
service,
that's
listening
and
you
can,
you
can
write,
become
read
it
kind
of
thing.
So
you
think
that
makes
sense.
B
So
that's
I'm
going
to
talk
now
about
what
what
actually
happens
when
we're
uploading
the
files.
So
we
take
the
raw
file,
we
split
it
into
five
megabytes
chunks.
Each
of
those
five
Meg
trunks
is
independently
encrypted
and
those
are
then
Charlotte
into
40
frames
with
a
few
things
within
each
fight.
Make
chunk
of
rounding
it
up
so
that
you
can't
you
introduce
the
size
of
the
file.
B
Modulo
five
mate
so
come
over
exactly
I
think
we
reran
allowed
two
modules
at
least
four
okay,
maybe
more,
and
then
anyway,
so
during
upload
these
these
encrypted
frequency,
but
those
might
be
first
and
then
we
have
an
encrypted
metadata.
The
critter
II
blob
with
local
links
to
these
fragment
hashes
and
each
of
those
tree
things
ends
up
in
another
data
structure
called
a
champ.
So
this
is
an
IP
ID
diagram.
B
You
can't
figure
out
if
something
is
a
directory
or
just
a
small
file,
so
the
serialization
is
identical
for
both,
so
that
helps
you
to
hide
the
the
directory
structure,
but
even
the
judge,
even
just
in
topology
of
a
little
uma
names
so
how
to
share
a
work.
So
we
used
a
public
boxing
key
and
to
send
a
photo
request.
B
What
I
do
is
I
create
a
directory
for
that
friend
in
my
space
and
I
send
a
read
capability
to
this
directory
and
I
encrypt
it
to
the
friends
public
boxing
key,
and
this
thing
gets
sent
and
stored
on
the
on
the
friends
storage
server
until
they
next
login
and
retrieve
it,
and
then
they
delete
now
after
they
processed
it.
So
what
this
means
so
that
that
sharing
mechanism-
currently
that's
co-chief,
fi
1:9,
so
I
mean
scared,
mai-san
files,
currently
one
or
two
it
to
a
large
quantum
computer.
B
If
someone
had
but
will
move
to
your
post
quantum
encryption
scheme
as
soon
as
are
clear,
canada
arise,
which
is
progressing
rapidly
so
now
the
next
calorie
convenience.
So
what
does
a
login
mean
in
a
decentralized
system?
So
we've
explained
already
that
piggy
got
some
capability
based,
so
we
can't
stop
someone
from
getting
the
ciphertext
of
something.
B
What
we
can
do
is
control
access
to
keys,
and
so
what
we
do
is
you
take
your
password
and
salts
it
with
your
username
and
send
it
through
a
memory,
hard
hashing
function
called
script
and
it's
tuned
to
take
a
second,
and
the
output
of
that
is
three
things.
We
get
a
a
root
symmetric
key
assigning,
keep
it,
which
is
your
identity,
key
pair
and
a
boxing
key
pair
as
well,
and
these
are
only
ever
stored
in
RAM
and
poke
cuts
and
note
into
disk
or
transmitted.
B
So
public
links
are
basically.
This
is
just
a
capability
encoded
in
the
link
itself.
This
is
a
fairly
standard
technique
these
days,
but
you
have
the
location
which
has
two
parts
to
it:
there's
the
the
public
writing
key
and
there's
a
label
in
it,
which
is
the
lookup
key
in
the
champ
and
then
there's
the
actual
decryption
key,
and
these
are
all
put
appended
after
the
hash
in
the
URL,
and
so,
as
we
know,
that's
not
sent
to
the
server.
B
So
now
the
next
calorie
security
counter
login,
we
cracked,
so
brute
force,
is
practically
impossible
with
a
good
password.
So
it's
obviously
only
as
secure
as
your
password
and
we
we
put
some
work
into
trying
to
help
people
choose
good
passwords.
So
to
the
point
where
now
we
actually
have
a
button
which
will
generate
a
password
for
you
in
the
browser,
but
so
with
a
password
that
has
full
of
training,
characters,
alphanumeric
characters
about
294
possibilities
or
10
to
25.
B
B
So
that
means
that
one
GPU
cracking
a
single
users
login
would
take
about
10
to
the
19
seconds
or
300
billion
years,
or
if
you
had
300
million
GPUs,
it
would
still
take
a
thousand
years
and
those
300
million
GPUs
the
costs
just
to
buy
them
to
learn
the
electricity
to
run
them
would
be
300
billion
u.s.
dollars.
B
So
you
can
compare
that
to
various
budgets
and
very
consider
you
your
own
threat
model,
but
at
the
other
end
of
the
spectrum,
if
you
drop
to
even
I,
think
something
like
an
eight
character
password
that
actually
only
costs
something
like
10,000
dollars
to
crack
the
year
so
password
length
matters
and
what
about
quantum
computer
based
attacks?
I
already
mentioned
that
shared
files
currently
wrongful
to
the
quantum
computer.
B
However,
it
files
that
aren't
shared
so
just
your
own
files,
they
are
actually
already
safe,
and
the
reason
for
this
is
to
get
from
nothing
to
reading
your
files.
There's
only
two
operations,
the
script,
hashing
and
there's
symmetric
encryption,
and
neither
of
those
are
vulnerable
to
a
computer.
Now
like
a
factor
to
speed
up
a
non
exponential
speed-up.
So
those
are
actually
fine
and
then
the
classic
complaint
that
JavaScript
crypto
is
insecure.
B
B
They
can
just
download
the
JavaScript
and
log
in
and
do
it
for
people
who
are
who
are
more
paranoid
and
maybe
don't
trust
even
DNS,
then
they
can
download
the
source
themselves,
verify
it,
compile
it
run
it
locally
and
with
the
power
of
IP
first
they
don't
need
a
DNS
address
or
anything
like
and
so
yeah
this
we
can
cater
to
a
range
of
fragments.
Basically,
this
is
the
idea
it
has
a
build
security.
We
have.
Reproducible
builds
on
really
both
server
and
front-end.
We
only
have
eight
JavaScript
dependencies,
all
of
them
bended.
B
B
B
B
We
have
a
very
basic
text
viewer,
so
there's
a
recipe
for
lamb
stew.
We
can
also
play
videos.
This
is
a
more
impressive
demo,
so
this
is
a
loved
one.
So
if
we
look
at
the
sizes,
since
I
once
had
an
20
make,
so
if
we
play
that
Humphrey
Meg
would
take
something
like
a
minute
or
so
to
download,
but
this
will
start
playing
as
soon
as
it's
downloaded
the
first
5
min.
So
you
remember:
the
5
make
chunking
thing
this
meat.
B
B
B
B
Not
sure
why
that's
this
anyway,
so
we
can
create
a
public
link
to
the
media
directory
I'll,
open
that
in
a
new
tab
you
can
see
there's
a
bunch
of
other
siblings
here
too
the
media
directory.
If
we
go
to
the
public
link,
you
can
see
the
URL
there.
We
can
see
the
things
that
we've
just
been
granted
access
to
and
if
we
go
down
a
directory,
then
all
the
images
are
there
wicked.
But
if
you
go
back
up,
we
can't
see
any
siblings
and
that's
that's
not
just
to
you
I
think.
B
So
cool
yep,
the
rest
of
it's
fairly
self-explanatory
and
slides
right,
so
yeah,
the
other
big
news
is
on
Friday.
We
launched
our
outfit
for
pivots.
So
if
you
want,
you
can
sign
off
there's
a
limited
number
of
spots
on
it
then,
but
yeah
alpha
dot,
pick
us
don't
net.
Now,
if
you
want
to
read
some
more,
we
have
a
little
booklet
book,
stopping
us
at
all
or
just
check
out
our
source
and
get
them
if
future
plans.
B
A
A
Do
you
mind
if
you,
let's
see
alright
excellent?
First
of
all,
thank
you
very
much
for
your
presentation.
That's
wonderful!
Personally!
I,
really,
like
your
super,
clear
diagrams
of
how
you
encrypted
the
files
I
think
that
was
very
useful.
Thank
you
very
much
and
let
us
start
with
questions,
so
we
don't
have
so
much
time.
Davi.
Do
you
mind
picking
your
most
pressing
question
and
it
will
move
on
to
other,
so
they
can
ask
questions.
A
C
A
B
We
take
the
view
which
is
kind
of
more
information
if
they're
ready
for
you.
Once
someone
has
information,
you
can't
take
that
information
away
from
them
so
to
revoke
it,
so
the
keys
for
encryption,
keys
or
they're
all
symmetric
keys
or
there's
a
signing,
keys,
I
guess
as
well.
Basically,
you
just
rotate
the
keys.
If
you
want
to
revoke
access.
A
B
It's
all
sharing
is
internal,
and
so
once
you,
you
can
send
a
follower
request
to
someone
and
that
then
gives
them
a
read
capability
to
a
directory
in
your
space.
For
for
that
particular
friend,
and
when
you
share
a
file
with
them.
All
that
does
is
attach
a
capability
to
that
file
into
that
directory,
which
they
already
have
read.
Access
to.
A
B
Multiple
writers,
okay,
it's
whoever
has
has
the
key
at
the
moment
if
it
could
be
literally
the
same
user
on
different
machines
because
you
are
open
s
equivalent
is
basically
it
since
your
storage
server.
So
it's
not
decentralized
in
the
sense
of
openness.
When
we
move
to
openness
will
be
a
backup
for
it,
because
your
machine
disappears.
The
cool
thing
I
think
for
now
is
still
essential
air
service.
We
don't
have
fancy
CID
T's
yeah.
A
Okay,
so
those
will
be
the
questions
for
the
live
talk.
However,
this
is
what
we're
going
to
do
if
anyone
else
has
any
questions
when
we
put
up
the
video,
if
you
can
put
up
the
questions
in
the
comments
section,
then
that
will
be
another
like
alternative
way
for
you
to
get
your
answers
and
in
terms
of
next
week
or
format,
is
going
to
be
slightly
different
for
the
ipfs
weekly
call.
A
Oh
I,
see
Ali's
face
of
surprise
for
the
ipfs
weekly
call
we're
going
to
have
lightning
talks,
so
you
can
sign
up
five
minutes
during
a
call.
If
you
have
a
project
that
you
would
like
to
present
or
you
have
something
that
you're
working
on
that
you
want
to
get
out
there
and
get
some
feedback.
This
would
be
a
perfect
forum
for
that,
and
that
is
happening
next
week.
Next
Monday,
thank
you
everyone
and
is
that
a
hand
off
you
yeah.
C
A
So
I
think
yeah
that's
been
merged
and
we
were
about
to
do
it
this
week,
but
we
are
going
to
do
it
next
weekend.
It's
been
something
that's
been
in
the
works
for
about
a
month,
so
yeah
it's
there
and
it's
merged
cool.
Alright,
everyone
I
will
see
you
next
week
and
have
a
good
and
have
a
great
week.
Thank
you.
Everyone
and
thank
you.
I,
am
think
thanks.