Development Update #119

DevOps

We have ansible scripts and docker containers for automating deployment.
Install docker and docker-compose
Then it will:

Switch from Void linux to Alpine:

We are switching defaults for our server deployment from Void Linux to Alpine linux, because of better support

Network Unreliability Affecting Unattended/Automated installs:

In China, Japan, Hong Kong and South East asia, DNS is not working reliably and we are internalizing external dependencies and golang repos into IPFS for peer-to-peer replication.

We have experience network unreliability for:
To rebuild client gui requires:
To only run the client/server/meshnet requires:

So we should be able to have skycoin node and meshnet nodes running completely from IPFS without depending on DNS and using only local resources. This should significantly improve deployment speed and reliability for unattended and automated installation.

The end goal is that:
This solves the following problems:

For instance for servers in Singapore, japan and Tokyo we are getting errors like this.

So for reliability we need to internalize all our dependencies to eliminate the possibility of disruption of access to network resources, preventing deployment and installation.

These are problems we are having right now. There is not even a war yet and the submarine cables have not even been cut yet. I cannot figure out why there are are so many problems with HTTPS, SSL and DNS lately.

We have even seen our installation scripts broken by errors indicating a SSL packet injection attack, which were only observed on servers at a large corporation that may be an interesting target for attack and only if we are accessing overseas resources. We have also observed DNS problems, when a VPN is used to particular countries and where traffic passes through particular countries.

DNS Is completely insecure and broken. DNS is completely unencrypted and 3rd parties can easily modify DNS packets in transit. It is not reliable anymore, because of the increasing weaponization of DNS by ISPs. I am getting these DNS problems in Singapore, Hong Kong an Taiwan now.

We also had failed DNS resolution cause an inability to access STUN servers, so the node was unable to determine its public facing IP address.

China’s cyber security policy appears to include blocking every overseas resource (such as docker), controlled or owned by an entity subject to US/NATO national security orders. Unreliable networking causes a slew of meaningless Docker errors that the program is not designed to handle.

No translation bounty

Discuss this post on telegram

Skycoin Telegram