Urbit doesn't have a way to prevent, say, AWS from running Nock incorrectly, but the determinism does make it auditable: I could download my event log, replay it locally, and verify that it results in the exact same current state as what AWS got.
Having an auditable computer essentially allows you to decrease the size of the trusted computing base, since you can compare results of interpreters written in different ways.
We've found bugs in our standard interpreter by comparing its results to one written in Java, for example.
For a theoretical examination of these questions, see https://dwheeler.com/trusting-trust/ (which is of course a response to the classic https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf …).
As for preventing the hosting provider from inspecting secrets, this is normally secured against legally with the terms of service.
Amazon would be in trouble if it got caught scraping its customers' private keys out of EC2 volumes.
You can also migrate your Urbit state from one provider to another seamlessly (by zipping up the event log, copying that file to another machine, and starting Urbit again).
Which should provide good market dynamics; it's pretty unlikely that there isn't some hosting provider somewhere that respects its clients' privacy.
If you're still worried, it's theoretically possible to use secure enclaves such as AMD's memory encryption (https://developer.amd.com/sev/) to protect yourself from your hosting provider.
We don't have an implementation for this, but multitenant virtualization is scary in this post-Spectre world, and there's nothing about Urbit that would prevent it from utilizing that tech.
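The replay audit described in this thread, sketched as an added example that is not Urbit's code or part of the original tweets: a toy key-value transition function stands in for Nock, and the event log, the operation names and the second "interpreter" with its bug are all constructed for illustration. It replays one log through two independently written interpreters and reports the first event after which their state digests disagree.

```python
import hashlib, json

# Constructed sample event log: (operation, key, value). Not a real Urbit log.
EVENT_LOG = [("set", "a", 1), ("add", "a", 2), ("add", "b", 5), ("del", "a", None), ("add", "b", 1)]

def digest(state):
    """SHA-256 over a canonical encoding; sorted keys keep it deterministic."""
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()

def step_reference(state, event):
    """Reference interpreter: a pure function of (state, event), no hidden inputs."""
    op, key, val = event
    new = dict(state)
    if op == "set":
        new[key] = val
    elif op == "add":
        new[key] = new.get(key, 0) + val
    elif op == "del":
        new.pop(key, None)
    else:
        raise ValueError(f"unknown op {op!r}")
    return new

def step_faulty(state, event):
    """Second interpreter with a constructed bug: 'add' on a missing key is dropped."""
    op, key, _ = event
    if op == "add" and key not in state:
        return dict(state)
    return step_reference(state, event)

def replay(step, log):
    """Replay the log from the empty state; return the state digest after each event."""
    state, digests = {}, []
    for event in log:
        state = step(state, event)
        digests.append(digest(state))
    return digests

def first_divergence(local, remote):
    """Index of the first event whose resulting digests differ, or None if all agree."""
    for i, (a, b) in enumerate(zip(local, remote)):
        if a != b:
            return i
    return None if len(local) == len(remote) else min(len(local), len(remote))

if __name__ == "__main__":
    local = replay(step_reference, EVENT_LOG)   # what I compute at home
    hosted = replay(step_faulty, EVENT_LOG)     # what the other interpreter reports
    print("first diverging event:", first_divergence(local, hosted))
```

Comparing per-event digests rather than only the final state pins the disagreement to a single event, which is what makes a mismatch debuggable.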