I’m sorry if my question is out of place, as of now I’m still planning to host a node, but I’m hesitant because of the lack of information about this. So I’m planning to use my PC that I use on everyday basis… this PC is what I use to open my email accounts and do my financial transactions, I tried to research about port forwarding and basically what I understand is that I’m opening a port directly for a computer outside my LAN, my concern is: can anyone other than Storj can have access with my router or my pc? Is it safe if I use this kind of pc for hosting?
I personally wouldnt recommend using your daily PC to run a storagenode, This will require you to run it 24/7. Its better to have a machine that is dedicated to only a storagenode if you had an extra system that is unused is better.
If you were to run a storagenode on the daily driver you would need to have another hard drive and not running off the OS hard drive you will slow your entire system down. You will have a single port opened to the world which is used for the storagenode consider it a warning not to have personal information on this PC because anything is possible.
4 Likes
We recommend using a dedicated machine for ideal performance, but if running the storagenode software on a daily-use system makes enough money for you, then that is fine to do. As far as safety goes, I don’t know of any reason why it wouldn’t be safe. We go to some lengths to make the storagenode software avoid touching any files it does not own, and to authenticate and validate all incoming requests, so it should not be possible for any network client (including Storj itself) to make your storage node software read your personal files.
Having said that, there is always the possibility of some remotely exploitable security flaw that we don’t know about. I would say the probability is quite low, lower than the possibility of a remotely exploitable security flaw in, say, your web browser. This is because:
- Go is a fairly secure language for network code, in that it is a lot harder to leave an opening for a stack overflow or a buffer overrun than it is in a language like C or C++.
- The storagenode code is entirely open-source, so security researchers or other interested folks can audit it for security problems at any time. We aren’t big believers in the “many eyes make open source secure automatically” theory, but we do feel that open source is one part of a viable approach to good security.
- We take a security-first approach to development. We will never design a piece of new functionality without evaluating its security implications. Security must be integral to software design; it is very hard to add effective security to software after it is already written.
And finally, I will note some ways to mitigate the risk of a security flaw in the storagenode software:
- Run the storagenode inside some sort of sandbox or container. If your host OS is Linux, one simple way to do this is with Docker. In fact, that is the recommended way to run a storagenode on Linux. (It is also possible to run the storagenode on Docker under macOS, although that is less performant because it introduces a virtual machine layer in the middle.) Using a container can limit what an attacker will be able to do, should they gain control of the storagenode process somehow. If you are running on Windows, Docker is also an option there, but I’m not an expert on what the performance implications are in that case. Someone else would need to chime in on that. I understand there are also other ways to run containers on Windows.
- Use some sort of Mandatory Access Control. On Linux, this might be AppArmor or SELinux. On Windows, it’s Mandatory Integrity Control (MIC). MacOS uses the TrustedBSD MAC framework. Unfortunately, as things are, you’d probably need to be something of an expert in these systems to use them effectively here.
- If those aren’t options, you might choose to run the storagenode software inside an entire virtual machine (VMWare, Virtualbox, etc). That has the potential to slow some things down, but ought to provide an easy way to isolate the storagenode process from the rest of your system.
8 Likes
Security is important, but I’d also check how much power your PC uses when idle… Depending on the type of PC (desktop, laptop, …) and its hardware parts, it may draw quite a lot of power if it were to stay ON 24/7.
Nodes do not get SNOs a high revenue, especially during the first year. You may find this community estimator handy: copy it to your Google account and fill in your numbers to have an idea on what it could get you and if it would cover your electricity costs of running your PC 24/7:
2 Likes
Thanks for the replies guys, I forgot to mention that I’m also using my pc as a miner rig with 2 GPU, I actually just started a few days ago, so basically it’s working 24/7 so I thought of adding a storage hosting would be good. So for safety purposes I think it’s just right to run it to a dedicated pc for mining and storage hosting…
1 Like
You should look into possibilities to move the mining/storj thing to a dedicated machine and get yourself an office PC from the ~400USD class for your daily finance/browsing/private stuff. And by “moving” I simply mean dedicating your current “do it all” PC to mining and storj exclusively.