Enable outgoing ports for IPFS peering (part 2) #2082
Comments
|
Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗 |
|
Can you explain a bit more about why you need to access this in order to fetch files from IPFS? I missed the conversation in #2069 so asking my question now: I think fetching data from IPFS is fine, however we want to prevent mybinder.org from becoming a source of traffic. I think the latter would only happen if it would become possible to run IPFS nodes on mybinder.org that end up "seeding" (BitTorrent terminology but I don't know the right IPFS jargon) files. Even for sample data that you want to use (that is what #2069 sounds like) my question would be "why not upload a (sample dataset) to Zenodo if your normal hosts are too unreliable?" I can see the attraction of IPFS, it is a cool idea but on mybinder.org we try to only allow things that are really, really necessary because it becomes tricky to say no to things once you start allowing a lot of things. Hence the question "Why can't you upload your sample data to a reliable hoster (of which Zenodo is one) to which we already give people access?" Having a good answer to that question helps justify why IPFS is allowed when other services aren't. |
|
Yeah, I don't understand too much about IPFS, but binder definitely shouldn't ever be used to serve anything. getting IPFS data is appropriate, and I think it probably makes sense to support what's required for that, but it should only ever be a 'leech' on a p2p network. |
|
The pinning services like pinata, temporal, and eternum which I think this is about, would take over the peer-of-last-resort role, for a fee... but this is achieved by acting as a server long enough for the pinning service to download the whole DAG. Anyhow: it seems like the threat of abuse rises substantially if a mybinder.org container can be used as an IPFS "seed" of a particular CID, even if the intent is for it to be used to bridge to a pinning service. From a p2p perspective, there might be some very interesting things that can happen if we can get an in-browser extension working, as that would more equitably shift the burden to the swarm of browsers... and this might be sufficient to get a "pinnable" (if slow) solution. The use case might then be like:
|
|
It sounds like this got a bit out of scope. |
I'd argue we're right on scope, trying to determine the impact to security/abuse with respect to a relatively new networking paradigm. While p2p-in-the-cloud-chain sounds very cool, at the end of the day, somebody pays for every binder pod build and launch.
It does look like estuary, in specific, has an API to add arbitrary data, so perhaps that would work for your uploading needs. But of course, beware putting your creds into binder! But even though we know nobody is going to be doing any FileCoin speculating on mybinder, "alpha" and "free-as-in-beer" and "IPFS" and "FileCoin" trigger alerts in my head.
Right: the pinning API merely triggers the beginning of an |
|
@sheriflouis-FF For the benefit of people not familiar with IPFS I think it'd be helpful if you could explain:
As others have pointed out a lot of people abuse the free compute offered by mybinder.org, so unfortunately minor benefits aren't enough- there are 1000s of ports people would like us to open for a wide range of applications. It therefore needs to be a significant increase in utility that outweighs the additional abuse that is possible. |
|
Hi @manics,
Estuary is a hosted service by Protocol Labs that allows external users to store their data safely on two decentralized storage technologies: IPFS and Filecoin. Estuary in itself is an IPFS node. when you upload a file to Estuary it is stored on the Estuary nodes and published to the IPFS network. In the background the data is backed up to Filecoin.
Is the method by which a user tells IPFS to not garbage collect data. When you write a file to IPFS you add it and it is subject to garbage collection if it does not get accessed for some period of time, or local storage space fills up. If you pin it, you tell the IPFS to never GC that data.
Users who use IPFS to store their code, and datasets can benefit from storing that data on Estuary and retrieve it on mybinder and the other way round. The way to do this is to install IPFS on the mybinder instance. IPFS by default uses port 4001 while Estuary uses ports tcp: 6744,6745, udp: 6746 I hope this is sufficient information. |
|
In some ways, this feels like we want to allow outbound HTTP but some particular set of servers use a non-standard port :( Is this a common occurance in the IPFS world? |
|
Thanks for taking the time to explain to the newbies @sheriflouis-FF and to @manics for realising that this is something we need. I think I now better understand what estuary is and why people use it. What I still don't quite understand is what (significant new) functionality is enabled by allowing people to use it. My (naive) understanding is that someone uploads data to IPFS from somewhere that isn't mybinder.org, by default this data could get garbage collected, so people use a service like estuary to prevent that from happening. What I don't quite understand yet is why people who just want to fetch data from IPFS need access to a service like estuary. It sounds like interacting with estuary is all about marking data (and paying for it?) to be stored "forever". This means as someone who just wants to consume data I don't need to care about estuary, I just talk to IPFS. My conclusion right now is "there must be something I'm missing" |
|
@yuvipanda no this is not standard, it is something that the Estuary team decided on. |
This is a continuation to #2069
I want to be able to use a remote IPFS pinning service like https://estuary.tech/.
estuary.tech's IPFS services listen on ports: TCP, 6744, 6745 and UDP 6746
Estuary primary node:
`
ListenAddrs: []string{
"/ip4/0.0.0.0/tcp/6744",
},
Estuary shuttle node:ListenAddrs: []string{"/ip4/0.0.0.0/tcp/6745",
"/ip4/0.0.0.0/udp/6746/quic",
},
`
cc. @yuvipanda
The text was updated successfully, but these errors were encountered: