they haven't solved secure multiparty computation, unfortunately; users run their own server, trusting the environment it runs in (mine is on my laptop, but yours could be on AWS if you want uptime guarantees)
-
-
Replying to @mattgcondon @urbit
Ok thanks, think it is a bit clearer for me after this discussion. Thanks for your help.
0 replies 0 retweets 2 likes -
Urbit doesn't have a way to prevent, say, AWS from running Nock incorrectly, but the determinism does make it auditable: I could download my event log, replay it locally, and verify that it results in the exact same current state as what AWS got.
1 reply 1 retweet 9 likes -
-
Replying to @urbit @evan_van_ness and
Having an auditable computer essentially allows you to decrease the size of the trusted computing base, since you can compare results of interpreters written in different ways.
1 reply 2 retweets 9 likes -
Replying to @urbit @evan_van_ness and
We've found bugs in our standard interpreter by comparing its results to one written in Java, for example.
1 reply 1 retweet 3 likes -
Replying to @urbit @evan_van_ness and
For a theoretical examination of these questions, see https://dwheeler.com/trusting-trust/ (which is of course a response to the classic https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf …).
1 reply 1 retweet 4 likes -
Replying to @urbit @evan_van_ness and
As for preventing the hosting provider from inspecting secrets, this is normally secured against legally with the terms of service.
1 reply 1 retweet 2 likes -
Replying to @urbit @evan_van_ness and
Amazon would be in trouble if it got caught scraping its customers' private keys out of EC2 volumes.
1 reply 1 retweet 2 likes
You can also migrate your Urbit state from one provider to another seamlessly (by zipping up the event log, copying that file to another machine, and starting Urbit again)
-
-
Replying to @urbit @evan_van_ness and
Which should provide good market dynamics; it's pretty unlikely that there isn't some hosting provider somewhere that respects its clients' privacy.
1 reply 1 retweet 3 likes -
Replying to @urbit @evan_van_ness and
If you're still worried, it's theoretically possible to use secure enclaves such as AMD's memory encryption (https://developer.amd.com/sev/ ) to protect yourself from your hosting provider
1 reply 1 retweet 3 likes - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.