iX-Storj Livestream Demo and Q&A with TrueNAS and Storj Thursday December 15th at 12PM PST/3PM EST

2022-12-15T20:00:00Z

Join us on Thursday December 15th at 12PM PST/3PM EST for an iX-Storj Livestream Demo and Q&A with TrueNAS and Storj!

4 Likes

Few comments here.

  1. At 15:14 timestamp, this [image] was explained as: “you are opting into server-side encryption, so that in the browser client we will use that passphrase that you type in to decrypt stuff, but otherwise we can’t read that”.

    It appears to me that this contradicts reality: Server side encryption specifically means that the passphrase is stored on the server, to facilitate access to decrypted data with S3 credentials. So yes, Storj can see the data. Not that they would, but it’s no longer client-side encryption.

  2. To get the described behavior, iXSystems should have implemented native support through uplink and storage grant. Instead, it appears they just added a branded S3 profile with hard-coded URL. I hope it’s a rough proof of concept, and not a final version.

  3. TrueNAS uses rclone to copy data, and by default it’s 4 threads. I seriously doubt the claimed 25GBps on the statistics slide that was a big talking point would be achievable with 4 threads to S3 gateway. Even with the tweaks for number of threads (to find which viewers were sent to the forum (!?), because why would this be in the documentation?). End result—the throughput from that slide applies to Storj, just not Storj_IX integration.

  4. “Storj” is pronounced “ˈstɔːrɪʤ”, according to multiple Storj representatives on the official YouTube channel. While we can’t control what other people say, Storj representatives should set an example and not encourage alternative use, much less use it themselves. “we’ll keep going with Stor-JAY in the future” at 11:51 was very jarring. Just my opinion. It weakens the brand.

  5. Sync is not a backup. Let’s stop using these terms interchangeably.

I admit, I might be grumpier than usual, but I was looking forward to watching this and was left deeply disappointed. And I’m a long time TrueNAS and short time Storj user and enthusiast; please take it not as a complaint, but rather as constructive criticism.

2 Likes

Thanks for the constructive criticism, it is received well.

  1. Please refer to https://www.youtube.com/watch?v=K-Zmgt6KtzI&t=3007s, where our Chief Architect explains what I was referring to (admittedly, not in the best way).

Even though we said all that business about Server Side encryption. This part of entering your passphrase is all processed on the client side. We’ve actually gone and compiled our go code so it’s running in your browser right now

So my intent was to convey that same kind of point related just to the browser.

  2. This question was actually asked on another stream, you can refer to the answer there https://youtu.be/Ch4ngCpbQ_8?t=1811. He mentions he sees a possibility of offering native support. He goes on to say a technically savvy user could set up a native solution today if they wanted.

  3. Yes, the beginning slides were intended as an introduction to Storj and say what’s possible. I can see how I can do better.

  4. The main thing I hear from a lot of customers/potential users is they don’t know if I’m talking about Storage or Storj in conversations. It’s probably every conversation and I often have to say “data storage” to clarify what I’m talking about. In this particular case, I had mentioned to Morgan before the stream that we don’t use Stor Jay. My intent was to try to match what Morgan had decided to do.

Sorry it left you disappointed, it was geared towards being a brief intro to those who had never heard of Storj and how to set it up.

2 Likes

actually not. Your access grant is encrypted by your access key and requires to have a secret key. If you generated these S3 credentials to be public, then only the access key is enough to get read-only access via link sharing.
So every time you use S3 credentials they are used to decrypt your access grant, stored on the server, and then this access grant is used to decrypt/encrypt your data.
We do not store your S3 credentials anywhere.
I know it’s less secure anyway, but Storj doesn’t have access to your data, it’s still encrypted, and doesn’t have access to your access grant, it’s encrypted too.
See Understanding Server-Side Encryption - Storj Docs

2 Likes

Oh, yes, the bucket viewing and decryption in the satellite UI does happen client-side, and it’s awesome (seriously, it’s a great attention to details). It wasn’t clear to me (and I watched again, still isn’t) from that statement (that was made in the context of configuring S3 access) that this does not apply to S3 gateway operation, that by necessity has to have access to the private key to work. Thank you for clarifying, I can see where the confusion comes from.

I haven’t seen this, thank you for the link! It was however the vaguest promise I have ever seen :). “down the road we can see offering a choice”… This isn’t planned, so I assume it’s not going to happen any time soon.

Yes, I’m aware of alternatives mentioned: using rclone crypt remote and/or hosting local s3 gateway, but those both are nonstarters:

  • rclone crypt kills web use case of accessing data plaintext via satellite web UI
  • installing and maintaining the whole local S3 gateway just because the edit box is missing in the configuration page is quite an unreasonable accommodation: if I had to go through the trouble of doing that-- I’d rather configure the existing rclone with native backend manually, and not bother with the provided IX_Storj integration.

Ideally, it should be a toggle in the sync task – use S3 gateway (where you input secret) or native client (where you input access grant, that includes private key, that never leaves your nas). Both options are needed as users on slow channels are more likely to pick the S3 gateway option. But this is a discussion for TrueNAS forum.

I can see how this can be ambiguous: “Upload data to storage”… which one? But that’s the brand name you guys picked, have to live with it :slight_smile:

From the doc you’ve linked (highlighting mine):

That means that you are passing your decryption information to the Storj-hosted authservice running within GatewayMT

The key here is the compute instance that is managed by Storj (the gateway operator) has to have access to my private key by necessity in order to work.

Think about it this way: To get my data plaintext from the gateway all I need to present the gateway are my S3 access key and S3 secret. I don’t need to provide private key, because gateway has it.

Of course, Storj does not store the S3 credentials, only uses them when needed to decrypt the key to decrypt my data, and otherwise manages them with the best security practices possible:

The Storj DCS hosted S3-compatible gateway service uses server-side encryption, following the industry standard practices for managing access credentials.

, but there are points in time when it has full access to my plaintext data. This is not a problem, this is literally how every other S3 service operates, which is also mentioned in that article:

It’s also important to enable the broadest range of use cases for object storage, and some of those use cases rely on server-side encryption for privacy and security.

My point being, it’s theoretically possible for the S3 gateway operator to see my data, by design. It’s not bad, it’s not good, it’s just fact of life: data is not end-to-end encrypted in this use case.

And this is why I really expected iXSystems to do it right the first time, so that the branded IX_Storj integration actually takes advantage of Storj-specific features, such as end-to-end encryption and huge throughput, without the s3 gateway. What they did today was just create another S3 remote with hard-coded endpoint URL. Rather underwhelming, and I hope it’s not the final version of the integration.

3 Likes
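
A simplified model of the hosted-gateway flow discussed in the posts above (grant stored encrypted under the access key, credentials not stored, plaintext present at the gateway while a request is served), added here as an example and not Storj's code. `HostedGateway`, its helpers and the toy SHA-256 cipher are hypothetical stand-ins, and request signing with the secret key is left out.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream; a stand-in for a real AEAD cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified record")
    return _xor_stream(key, nonce, ct)

def _index(access_key):
    return hashlib.sha256(b"index" + access_key).hexdigest()

def _wrap_key(access_key):
    return hashlib.sha256(b"wrap" + access_key).digest()

class HostedGateway:
    """Keeps only the wrapped grant at rest; the access key arrives per request."""
    def __init__(self):
        self.grants = {}    # index(access_key) -> sealed data key from the grant
        self.objects = {}   # name -> object sealed under the data key
        self.handled = []   # plaintext that passed through gateway memory

    def register(self, access_key, data_key):
        self.grants[_index(access_key)] = seal(_wrap_key(access_key), data_key)

    def _data_key(self, access_key):
        return unseal(_wrap_key(access_key), self.grants[_index(access_key)])

    def put(self, access_key, name, plaintext):
        self.handled.append(plaintext)  # encryption happens here, server-side
        self.objects[name] = seal(self._data_key(access_key), plaintext)

    def get(self, access_key, name):
        plaintext = unseal(self._data_key(access_key), self.objects[name])
        self.handled.append(plaintext)
        return plaintext
```

In this model the stored records are unreadable without the access key, yet every `put` and `get` leaves the plaintext in `handled`: both statements made in the thread hold at once.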

I have to admit, that I also use to say “Storjay”. I can understand where the idea comes from to pronounce it like “storage” but that wordplay does not really work for me.
If you hear/watch the Twitter Spaces with captions turned on every time someone says “Storj” meaning the company it gets written as “storage” which is also confusing.

1 Like

Originally the first paper on it in 2014 by Shawn, it was called Metadisk. At some point it changed to Storj. Some people pronounced it as Stor-Jay. (There is talk that this was adopted because the original code was written as Stor-J, however I’ve never seen this code example so can’t speak to its validity) Some pronounced it Storge. But officially it has been pronounced Storage.

I believe it was discussed at some point in the past that Storj was confusing, so they created Tardigrade. But the branding was then split between Storj and Tardigrade, and as the company grew, the executives made a decision to retire Tardigrade and have a single brand, Storj.

But the product itself is officially titled Storj DCS. Which, in and of itself sounds like, “Storage Decentralized Cloud Storage” which is like when people call E3 the E3 Expo. That would be the Electronic Entertainment Expo Expo. Anyway… For people talking about Storj, it might help to refer to it as DCS in short, or perhaps adopt SDCS. That would help differentiate it from sounding like Storage.

2 Likes

A lot of people from the early days of Storj say “Storjay” . I don’t think we will ever reach consensus on the pronunciation.

Good to know about the captions turning “Storj” into “storage”. Not sure how to get around that issue but it’s definitely a point of confusion for people using accessibility tools.

Came here to say what @Knowledge said about DCS but he beat me to it :slight_smile:

1 Like

FWIW, when I first saw the word, I read it in my head as “stɔːrʐ” (ʐ is the “zh” sound, ж in Russian; СТОРЖ, not unlike морж). This French sounding variation is unique enough, and has a rather pleasant sound. The wordplay with “storage” I thought was a cute if unintentional coincidence.

I think this problem will solve itself with time: it’s a new word; when Storj becomes a household name – neural network models will catch up, or at least will be able to sort it out from context. Like @Knowledge said - there is no excuse to caption “STORJ cloud storage” as “Storage cloud storage”. I’m sure context-aware autocaptioners will catch up eventually.

Fascinating! Why tardigrade though? of all things – those lovely creatures?

1 Like

Because they are nearly unbreakable and worldwide distributed. I thought that was a nice hint about the storage service always. And they had a cute comic version as mascot:
https://www.storj.io/blog/introducing-the-tardigrade-mascot

More background: https://www.storj.io/blog/announcing-a-campaign-for-a-new-logo

I always liked the idea to create a separate brand and distinguish between service, company and token that was clean and thoughtful. But I understand that with “Storj DCS” the name becomes part of the brand like “AWS” and that is of course also comprehensible.

4 Likes

Well it’s always prone to confusion if you just hear the name. Imagine a radio spot that tells people to visit the website. If you don’t pronounce it storjay, people would probably get it all wrong.
Maybe Storj should buy the domain storage.io? It is for sale.

1 Like

In the UK we have a cloud business accounting firm called Xero, and in all their radio and TV advertising they say “Zero with an X”. Maybe for Storj it should be “Storage with a J”.

Visit wwwdotstoragewithajdotio ?

:joy:

2 Likes

I’d definitely interpret that as Storaje. You’d have to spell it and even then I think there will be typos. It’s not an ideal name, but people will find it. If you google storage DCS, it’s among the top results.

It’s a nice wholesale price :smiley:

Well it is generic, but yes sure. :scream:

On the other hand if you pay by tokens… :grin: