dominictarr

'use strict'
var h = require('hyperscript')

/*
running this example:

browserify index.js | indexhtmlify > test.html
# then open in your browser

*/

dominictarr

Tahoe LAFS

Tahoe LAFS is a distributed file system with an interesting permissions model. (whitepaper) Both Immutable and Mutable files are supported (Mutable is the most complex and interesting) There are three levels of permissions, Write, Read, and Verify. Each permission is granted by giving a user a special key called a "capability". If you have the Write capability you can update the file, if you have the Read capability you can retrieve the plain text, but if you only have the Verify capability you can only validate the file integrity, but not read the contents.

The lower level capabilities are generated deterministically from the higher level capabilites.

dominictarr

We need better crypto primitives and modules - there are lots of standards out there that are dangerous! Things that seem like they should work, don't and this leaves security holes where they shouldn't be, or creates situations where an application must be implemented with knowledge of the internal features of crypto "primitives". example: length-extention attack on api authentication

What is right about the word primitive: simple api + clear security properties (* this isn't always the case, but it can and should be) But, there are other great crypto "primitives" (modules) that are made from actual primitives but never the less provide a simple api and clear properties. A good example of this is nacl's crypto_box it has eliptic curves, salsa20 and poly1305 to create a encrypted buffer that can only be decrypted by the intended key.

easy primitives

• hash (except hashes that have length extension attacks)
• digital signatures (bu

dominictarr

(module
  (func (export "foo") (param $foo i32) (result i32)
    (local $x i32)
    ;;if blocks (if, block, loop, etc) have a (result x) then they return a value!
    (if (result i32) (local.get $foo)
      (if (result i32)
        (i32.gt_s (local.get $foo) (i32.const 10))
        (i32.const 10)
        (block (result i32) (i32.const 1))
      )

dominictarr

High level style in javascript.

Opinions are like assholes, every one has got one.

This one is mine.

Punctuation: who cares?

Punctuation is a bikeshed. Put your semicolons, whitespace, and commas where you like them.

dominictarr

class DSL 

	def go (&block)
		instance_eval &block if block
		self
	end
	def self.go (&block)
		DSL.new.go(&block)		

dominictarr

module.exports = function (sbot, cb) {
  var help = null
  sbot.help(function (err, data) {
    if(!data.type) data.type = 'group'
    help = data
    var keys = Object.keys(sbot)
    var n = keys.length + 1
    keys.forEach(function (key) {
      if(sbot[key] && 'function' === typeof sbot[key].help)
        sbot[key].help(function (err, data) {

dominictarr

Consistent Archive Tree

motivation

Despite it's considerable age, Tape ARchive format (tar) is still in widespread use. This is unfortunate because has as several features that are footguns in a modern context.

Firstly, because it contains timestamps (ctime, mtime) then archiving the same files twice will give a tar file that has a few bytes different, and thus will have a different hash. creating a archive deterministically was not a priority when tar was designed.

dominictarr

node_modules/A/node_modules/B/node_modules/C/all.js

dominictarr

here are the most useful pull streams modules

combining pull streams

pull-stream

a library of simple functions that will be familiar functional programmers.

pull-cat