Reducing attack surface

[vl-ms]

TL;DR:

; git clone --recursive https://github.com/oxen-io/lokinet
; loccount lokinet/
all          SLOC=665531  (100.00%)     LLOC=251271  in 4115 files                                                                      
C            SLOC=354565  (53.28%)      LLOC=23617   in 100 files                                                                       
C++          SLOC=223978  (33.65%)      LLOC=109509  in 1657 files                                                                      
Markdown     SLOC=34133   (5.13%)       LLOC=0       in 362 files                                                                       
Python       SLOC=22919   (3.44%)       LLOC=0       in 178 files                                                                       
cmake        SLOC=17957   (2.70%)       LLOC=0       in 237 files                                                                       
Typescript   SLOC=3795    (0.57%)       LLOC=0       in 49 files                                                                        
shell        SLOC=1084    (0.16%)       LLOC=0       in 45 files                                                                        
YAML         SLOC=902     (0.14%)       LLOC=0       in 17 files                                                                        
autotools    SLOC=878     (0.13%)       LLOC=0       in 14 files                                                                        
HTML         SLOC=863     (0.13%)       LLOC=0       in 12 files                                                                        
Objective-C  SLOC=767     (0.12%)       LLOC=310     in 18 files                                                                        
m4           SLOC=684     (0.10%)       LLOC=0       in 2 files                                                                         
makefile     SLOC=626     (0.09%)       LLOC=0       in 9 files                                                                         
Python3      SLOC=605     (0.09%)       LLOC=0       in 2 files                                                                         
nroff/troff  SLOC=264     (0.04%)       LLOC=0       in 4 files                                                                         
JSON         SLOC=263     (0.04%)       LLOC=0       in 9 files                                                                         
SQL          SLOC=227     (0.03%)       LLOC=0       in 1 files                                                                         
man          SLOC=212     (0.03%)       LLOC=0       in 4 files                                                                         
Swift        SLOC=199     (0.03%)       LLOC=0       in 2 files                                                                         
batchfile    SLOC=170     (0.03%)       LLOC=0       in 10 files                                                                        
Java         SLOC=150     (0.02%)       LLOC=85      in 2 files                                                                         
JavaScript   SLOC=91      (0.01%)       LLOC=0       in 6 files                                                                         
TOML         SLOC=54      (0.01%)       LLOC=0       in 2 files                                                                         
PowerShell   SLOC=52      (0.01%)       LLOC=0       in 4 files                                                                         
INI          SLOC=34      (0.01%)       LLOC=0       in 4 files                                                                         
XML          SLOC=32      (0.00%)       LLOC=0       in 2 files                                                                         
CSS          SLOC=27      (0.00%)       LLOC=0       in 5 files

Plus you also depend on even more stuff.
We all know that more code = more bugs. More bugs = more security issues. I don't trust Tor, I am sure that a lot of nodes spy on their users. Lokinet seems much more trustworthy, but why does it require so much unsafe code? I am afraid of giving my Internet privacy to this amount of loc. Are there any plans to reduce build & runtime requirements?

[jagerman]

Are there any plans to reduce build & runtime requirements?

No.

Reducing dependencies would mean re-implementing well-regarded, broadly used and tested software such as libsodium. While that would reduce the number of lines of code, it would NOT make things more secure.

In other words, this:

"more code = mode bugs. More bugs = more security issues"

is false. At best it is a weak correlation, but if you are applying it as a hard and fast rule to assess software quality or security then you should not be assessing software quality or security.

[majestrate]

additionally by making these a dependency we are reducing the lines of code WE are babysitting, which objectively reduces complexity on OUR end.

the notion that reimplementing or vendoring a dependency makes things less complicated or "more secure" is truly asinine.

[majestrate]

now include the kernel and userland to you loc count. keep in mind, compared to something like tor browser it is piss in the wind.

[majestrate]

realistically, the core of lokinet itself is not THAT bad. still bigger than i want it to be.

~/git/lokinet $ cloc llarp/
     428 text files.
     428 unique files.                              
       3 files ignored.

github.com/AlDanial/cloc v 1.86  T=0.23 s (1836.4 files/s, 298971.3 lines/s)
-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
C++                            167           4343           1702          35297
C/C++ Header                   250           4831           2689          18376
C                                3            105             57            801
Objective C                      2             78             33            455
CMake                            2             49              9            331
XML                              1              1              5             31
-------------------------------------------------------------------------------
SUM:                           425           9407           4495          55291
-------------------------------------------------------------------------------

there is a lot more gutting of redundant code that can be done than people think. additionally separating each part of the core into its own strictly isolated library would definitely inform boundaries between components and clearly define their relations. right now it is a bit kitchen sinky in a few parts.

[vl-ms]

sorry guys, this was a dumb question in the first place. A (hopefully) less dumb question: are there any particular parts of the codebase you would like to refactor or rewrite? Obviously not talking about basic cryptography parts, more about the interfaces.

[jagerman]

Yes, there are quite a bit of the internals left from early lokinet development that are overdue for some serious refactoring. To take a tiny example, Lokinet has various custom implementations of bencoding serialization/deserialization that would be much better replaced and simplified with our oxen-encoding library (which lokinet already uses). This isn't a deficiency, though: lokinet was the first thing to use bencoding, but as other code used it (oxen-mq, oxen-storage-server, oxen-core) we built a more general purpose interface in https://github.com/oxen-io/oxen-encoding. Lokinet uses that already in some places, but there are still older parts of the code that haven't been retrofitted.

As to larger refactors, @majestrate has been talking about getting a major internals refactor underway for a long time; some of the internals (particularly around internal handling of "endpoints") is... complicated, to put it charitably.

[majestrate]

some of the internals (particularly around internal handling of "endpoints") is... complicated, to put it charitably.

that mess was a result of 4 incomplete refactors tripping over each other to solve the same problem. it failed spectacularly each time i tried to as some feature we needed made it harder to fix 😩

[majestrate]

i do not think it is a dumb question and i think this is a legitimate concern with software at all levels of operation. i myself am unsure of what constitutes a proportional response to address the issues of excess complexity. over all, it seems to be a long term pondering in software.

a note on the core ethos of the code: lokinet started as SARP (simple anon routing protocol) but i realized that it wouldn't be easy to keep it simple so i changed "simple" to "low latency" as that is much more concise depiction of the long term goals.

[vl-ms]

Looking back, the question was not necessarily dumb, but rather poorly phrased. I like how Bjorn Stahl (aka Letoram aka crasygload etc.) summarizes software simplicity in "12 principles for a Diverging Desktop Future". I interpret his words like this: the software should be able to do what the user expects it to do, which means a balance between 'so barebones it's practically useless' and 'actually, it can read your mail too!'.

[majestrate]

i agree with this philosophy. lokinet is a unicast ip packet onion router and this it all it ever really does. the biggest issue in it is that every os has their quarks when it comes to networking. this explodes fast. most of the bs code in lokinet arent those parts, it's some cruft idiocy from an era i am glad is gone. see #2013 for the whole enchilada.