Hacker News new | ask | show | jobs
by happynaut 3065 days ago
There's someone working on a rust implementation at the moment. I can't find a link to the repository just now, but there's plenty of threads on it if you search 'rust' at the top right of patchwork (after installing and adding a pub.)

I'll find the repo and reply to this thread when I'm home later :)

There were some previous efforts towards a Go implementation, but I'm not sure how far along they got: https://github.com/maackle/ssb-igo

By the way, there's some beautiful protocol docs for scuttlebutt here: https://ssbc.github.io/scuttlebutt-protocol-guide/ =]
2 comments
hardfire 3065 days ago
just noticed that the go implementation you linked to [https://github.com/maackle/ssb-igo] is actually "the game of Go on ssb"
link
happynaut 3065 days ago
Haha, woops! I meant https://github.com/andyleap/go-ssb

I guess it was muscle memory since I was looking at the ssb-igo repo earlier.

link
maackle 3065 days ago
A great game, a programming language, and the 49th most common word in the English language walk into a bar...
link
Rhapso 3065 days ago
Thanks, I really like the core ideas of ssb but the nodejs implementation and lack of a security review give me a lot of professional reservations. I'm inclined to fork and use a more off the shelf method of securing p2p connections. The practice of binding a "secure" web-server to localhost is also a bit [dubious](https://security.stackexchange.com/questions/86773/how-secur...).
link
happynaut 3065 days ago
What's your reservations about it being implemented in nodejs? It's not my favourite technology stack either (I much prefer scala / haskell), but it hasn't deterred me from using it or contributing to the project.

I wonder if a security review is something that can be funded through the open collective that is being set up (https://opencollective.com/secure-scuttlebutt-consortium ) or some other funding source.

By the way, the repositories that I mentioned earlier for the Rust implementation of the protocol in progress are mostly here:

https://github.com/AljoschaMeyer?tab=repositories

link
Rhapso 3064 days ago
I have issues with js as a language but those are not security issues. My security-related issues are with the nodejs package infrastructure.

https://www.csoonline.com/article/3214624/security/malicious... The sprawling dependencies alongside potential security/breaking issues are huge. It is a large and vulnerable attack surface.

link
happynaut 3062 days ago
Fair play!
link