Is Seif dead?

Question

Is Seif dead?

Closed this issue 7 years ago · 12 comments

shofetim commented 7 years ago

I don't see any new commits, presentations, website updates etc.

Answer 1 · 2018-01-30T13:42:54.000Z

No, it is not dead.

Answer 2 · 2018-10-17T05:45:55.000Z

Is there a roadmap or other information? A gitter chat perhaps?

Answer 3 · 2018-10-20T15:43:14.000Z

I think it is done.

Answer 4 · 2018-10-20T18:20:09.000Z

Not to be too much of a pain, but what is done? The protocol? The Node implementation? The Qt based browser extension/sandbox/runtime?

or is that "done" in it is as far as you want to take it?

For what it is worth, I think the ideas are spot on, but there hasn't been a way to help bring them to fruition, and I didn't want to build a competing implementation.

Answer 5 · 2018-10-21T02:42:57.000Z

I hear you, Jordan. I had high hopes as well. Gave a couple presentations. Even pinged the Firefox-dev list last year for their take, but they weren't interested in redoing the web. Seems like someone would want to be _the secure browser_. DoD and banks would be customers. Trust management seems to be a big hurdle. I was expecting a blockchain-based trust system to replace DNS. The reason I jumped on seif was because it solved the fundamental problem of the web: that TBL implemented http as a stateless protocol, with all the security problems inherent in that decision. Marcus Ranum talked about this in his brilliant Internet Nails talk from 2010 (on YouTube). So http inherits state from tcp _and throws it away_. Maybe the three letter agencies have already invented a seif-based browser and forgot to tell us? No, they really like being able to evesdrop on everyone, so ... Next! I don't know where we go from here. IPFS? Maybe you _should_ pick up the seif protocol and build something we can use. Ben

…

On Sat, Oct 20, 2018, 2:20 PM Jordan Schatz ***@***.***> wrote: Not to be too much of a pain, but *what* is done? The protocol? The Node implementation? The Qt based browser extension/sandbox/runtime? or is that "done" in it is as far as you want to take it? For what it is worth, I think the ideas are spot on, but there hasn't been a way to help bring them to fruition, and I didn't want to build a competing implementation. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#33 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACn9-lwU-5hCryU_LHwiDaHY8pcg1lUmks5um2lbgaJpZM4Rxyad> .

Answer 6 · 2018-10-21T04:26:12.000Z

@wirelessben thanks for your feedback. I was so happy to learn about this project back in 2015 at the AngularU conference. Been checking back in since then and noticed commits have stopped to these repos and no other layer of seif has been started (at least publicly).

This is disheartening. I was rolling up my sleeves to get started with prototypes on seif-protocol. Any rationale for the ending of the project? Is there a security issue or philosophical issue discovered with the ideas presented in seif?

Answer 7 · 2018-10-21T04:55:14.000Z

I was unable to find the funding to complete it.

Answer 8 · 2018-10-21T04:58:22.000Z

Douglas,

Thank you taking the time to respond. I think it would be a long shot for the community to complete it, but I for one am interested in the undertaking.

Answer 9 · 2018-10-21T09:41:20.000Z

@douglascrockford @shofetim
Me too, you can count on me as well ;-) on both node and java side.
I think this community could grow quickly.

Answer 10 · 2018-10-21T10:47:16.000Z

Since when has money been the determining factor to open source? Here we have two developers and a sysadmin (me) willing to find time to work on this project. Let's do it. Things to do: Define what right looks like. I'm thinking of the browser experience. So you're browsing the web as normal and Brian Krebs says check out https://someseifsite.org. You click the link and what happens? 1. The page focuses on the green lock icon and says you're really not safe. The enessay is listening, Facebook is hacked, yada yada. Try this plugin: https://seif.org/plugin. The site has plugins for Chrome, Firefox, Safari, Edge. 2. You install the plugin. Suddenly a new web opens up. A safe web. You see seif links to some very safe names like MIT and Stanford and Wells Fargo*. 3. The green lock icon changes to yellow to signify the old web. A notification points this out and directs you to one of these seif links. Now you get a green lock again and a notification explaining why you see green again. (This is a Stanford site. The web of trust verifies this. All these institutions verify this site: MIT, Wells Fargo, etc.) 4. Now you can browse safely. Have a good day. Am I making sense? It's not about the money. Apache was developed by people who all had other jobs. This project is the definition of "a few motivated individuals changing the world". We can do this. Are you with us, Douglas? Ben * Intentional. Who is more interested in reviving trust in their name than Wells Fargo? That translates into money for the project.

…

On Sun, Oct 21, 2018, 5:41 AM Riccardo Mariani ***@***.***> wrote: @douglascrockford <https://github.com/douglascrockford> @shofetim <https://github.com/shofetim> Me too, you can count on me as well ;-) on both node and java side. I think this community could grow quickly. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#33 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACn9-q3T5MlVo9vg72WIsNIkFbuRKCR0ks5unEFDgaJpZM4Rxyad> .

Answer 11 · 2018-10-21T20:53:50.000Z

With some cleanup (typescript based, RXJS, etc) I think the node/server layer of the system can prove to be an easy way for devs to spin up servers and start creating services. It would be prudent to port this over from Node to deno to have better runtime security from the start (although deno is early stages).

Trust management and GUI tech would be the last bit that needed. I don't think the browser plugin is as important. An app with something like QT (or better) is probably going to run faster than having it run inside chrome/firefox etc. Also, if it were to be running in the browser anyway, why not just use HTML as the UI layer? I remember HTML was ditched in design cause its not app-centric and its not secure. So why the browser plugin at all?

Answer 12 · 2018-10-22T16:21:45.000Z

Ah, you're a middleware guy.

So why the browser plugin at all?

I'm looking at adoption through the browser's lens because that's how almost all people are impacted. I suppose all this could happen in the background and users wouldn't care how the browser got the content. That _is_ the promise of a content-based internet (get me the latest political news) over the location-based internet of today (serverIP:/path/to/document).

Also, if it were to be running in the browser anyway, why not just use

HTML as the UI layer? That's fine with me. Douglas is the expert, of course.

…

On Sun, Oct 21, 2018 at 4:53 PM Patrick Michalina ***@***.***> wrote: With some cleanup (typescript based, RXJS, etc) I think the node/server layer of the system can prove to be an easy way for devs to spin up servers and start creating services. It would be prudent to port this over from Node to deno <https://github.com/denoland/deno> to have better runtime security from the start (although deno is early stages). Trust management and GUI tech would be the last bit that needed. I don't think the browser plugin is as important. An app with something like QT (or better) is probably going to run faster than having it run inside chrome/firefox etc. Also, if it were to be running in the browser anyway, why not just use HTML as the UI layer? I remember HTML was ditched in design cause its not app-centric and its not secure. So why the browser plugin at all? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#33 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACn9-ncjFxA2qwGc9X-EB_d-1tPuoJGVks5unN7ggaJpZM4Rxyad> .