-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME
59 lines (43 loc) · 7.32 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
Distropia - a P2P Network.
Introduction
Distropia is a "Social Network" Client, which is not based on a central server, but stores its data decentralized in the network. The idea is, that every family or organization runs a Distropia node, where they create their accounts on. Every users data is divided into private and public parts. The public part will be freely shared in the network. The private part contains the information, who could read which public data. But let me explain:
Technical
1. Nodes
Every Distropia server is called a node. Every node has a public ID (will be created at first launch). It is trying to connect to the network by its already known nodes (bootstrap). After it is connected it provides services to the network, as it could serve as a relay and a data storage. Every node is able to create a signature, which allows the node to authenticate again against each other. So even if a nodes addresses change, an attacker is not able to hijack the node id, if two nodes were already known to each other.
2. Network layer
The network layer consists of two parts. At first there is a Kademlia DHT (Distributed Hashtable). The DHT has the task to function as a data storage for a) at which addresses a node is reachable and b) at which nodes an users data is available.
On top of that runs an own protocol, which has the task to allow nodes to communicate to each other. It is able to detect if the node is firewalled (could open ports with UPNP) or could even tunnel the data through other nodes. For that it searches three other nodes, which will serve as a proxy (hanging notifications). The magic number >=2 is taken to receive data over different routes (important for initiating encryption), the third node is needed to give a time buffer for searching a new third node, if one node fails. This own protocol is built on top of http. The idea is to make the service available even through firewalls and proxies. On address change every node publishes to the DHT, and online nodes, which stand in direct relation (users are there, which are friends of logged in users), where it could be connected to.
3. Users
Users could create an account at every node ( but you should prefer your own one ). Every user has two databases, the private one for private keys/public keys of other users and data you don't want to share and the public database, which will be freely delivered to other users/nodes. The private database is encrypted with the users password.
If the user browses another user, or makes friends with him, the other users public database is fetched to the local Distropia node.
It is kept in sync by two mechanisms 1. from time to time and at logon the Node searches for new database entries for that user on the nodes, which it found in the Kademlia DHT. 2. When ever a user modifies his public database (as he knows, which are his friends and if they are online and at which node, the protocol allows the node to instantly push the changes to that other node.
Whenever an user is creating a new object in his public database (like a chat message, status, a "like", or picture) he has to select, who should be able to see the data. Distropia looks if for that group of users (or user) is an AES key already existing. If not, it creates a new one and encrypts it with every public key of every user, who should be able to see the data. This goes into a special keystore- table in the public database. After that the object is encrypted with that AES key. This ensures, that every object is only decrypt-able by the users, who are allowed to see it. (If you want you could "like" opposite statements of people, without let them seeing it. If you have a multi personality for example ;) But the danger they talk to each other still remains :( )
This way of publishing public databases, every "friend" of a users automatically functions as a data store for all his data, if the users nodes are not online.
3.1 Searching for uses and making friends
As it is a distributed network, everybody could create an account as the person he likes to be. To be sure, that the person is really the one you have searched for, the only possible solution is, that you have to ask them a question, when you want to add them as friends. If you are satisfied with the answer, public keys get exchanged.
4. Updates
As the project is open source it is expected to have spinoffs. For that a branch identifier is added to each node. A user can select his preferred branch. After confirming and copying down the public key of the creator, whenever the nodes finds another node of the same branch and a newer version, it will download an index-file from it. This index-file contains the name of every file of this release with it hash sums. This file is signed with the private key of the creator. The node now checks against itself, which files differ and then starts asking the network to deliver the remaining with the right hash sums. After that it replaces itself and restarts.
5. Architecture
Java was chosen as language, because it is spread widely. It runs from smart phones to fridges.
The first (desktop) client is written as a tomcat servlet. It is meant to run as a service at the computer and to be used within a browser. The client library used here is GWT (specifically smartGWT). Why have I done that? The idea is to let the service run whenever your computer runs. This way it could get the data, the users want, and push out their data also, even when they aren't logged in. In an organization, or family it could share the data of friends, users have in common. The UI is implemented as a website, so you can use it with external browsers to. This is also meant to close the gap until a smartphone client for your phone is created. SmartGWT has also the benefit, that one could create relatively easy skins for it.
6. What is done so far.
The network layer is nearly finished. I have just begun creating the user databases. I'm sorry that the project is poorly documented and the client part is only in german so far. I'm releasing this far ahead of planned date and thought I would had some more weeks to test and built up the prototype until its initial running state.
7. Currently working on
- Building the user database and GUI.
8. How to get started
- Download and install Java JDK >=1.6.
- Download the Distropia sources from GitHub.com.
- Download Eclipse Indigo EE - Edition from eclipse.org (use the EE edition, or you will fail later).
- Add the Google GWT Plugin to Eclipse (google will help).
- Download actual Apache Tomcat 7 and add it to Eclipse as a server (google will help).
- Import the project into Eclipse workspace.
- Rightclick the project, select properties.
- Under "Java Build Path/Libraries" bind the JRE System Library to your library
- Go to Google/Web Toolkit, deselect "Use Google Webtoolkit"
- Open properties again, go to Google/Web Toolkit, select "Use Google Webtoolkit"
- Go to Java Build Path/Order and Export
- Make sure GWT is the second entry, just after Distropia/src
- Save and you are ready to go, how to run a WebProject on a TomcatServer, please again use google
- Don't forget to start GWT compile to create the Javascript resources
- When the program runs in tomcat, you could access its webpage at http://localhost:8080/Distropia as long as DEBUG_PRINT_DEBUGPAGE_ON_GET is switched to true, you could see a debug page at http://localhost:8080/Distropia/Backend
9. Contact me at vjay at gmx.net