Plan9: why it matters to a secure cloud storage developer

It is hard to make correct computer software. It is harder to make correct research computer software. It is even harder to make correct distributed research computer software. So why does Plan9 matter, you ask? Because it is all of that.

What Plan9 started: distributed systems in action

Plan9 has always been a distributed system. It works alongside a protocol named 9P to share resources as files, in a Unix-y fashion. SStorage borrowed a lot of ideas from the 9P protocol for its front-end operating side.

Plan9 also brought us the ideas behind UTF-8, which is a major component of most computer systems, as it is the most popular way to represent text.

Plan9 and its legacy may be the last research operating system with a community of its own.

Why does it matter to a privacy-oriented cloud?

9grid and other distributed systems are at the origin of the concept of the cloud: they allowed remote use of massive resources within an operating system that spanned several computers. The library that SStorage uses, gplib (for General Purpose freestanding library for Unix systems development), was heavily influenced by the Plan9 train of thought. It was designed with distributed systems in mind, and with them working around a distributed filesystem that encompassed the properties of the system.

It is something we, at NekoIT, are passionate about. This is the reason why file systems within gplib use a very 9P-like interface: so that they can be interfaced with using 9P.

The main difference is that SStorage uses technology that makes the system look like a disk. This means that there is a protocol to talk to the virtual disk, as well as file-system interfaces on the client side that, through that 9P-like API, interface with the operating system.

This means that the encrypted cloud disk only sees the data that is written to it, in the form in which it is sent. Encryption is the responsibility of the function that sends the data to the virtual disk: after the file system mangles the files to write on the disk, those chunks of data are sent to the storage in a random order. An eavesdropper would have to recover the data, then figure out both its order and the key, to be able to make any sense of it.

The server is no better off than the eavesdropper in that regard: it knows neither the key nor the ordering of the data. It is like a padlock hidden in a Rubik's Cube, except that all of the faces of the cube have had their color bleached and only the computer that encrypted the data can figure out the order.
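
To make the paragraphs above concrete, here is an added sketch (not SStorage or gplib code) of a client that encrypts disk blocks, names them opaquely, and uploads them in random order. Assumptions: the 4096-byte block size, the key-derived block names, the dict standing in for the server, and HMAC-SHA256 in counter mode standing in for whatever cipher the real client uses.

```python
import hashlib, hmac, os, random

BLOCK = 4096  # assumed block size; the page does not give one

def prf(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode, a standard-library stand-in for a real cipher.
    out = bytearray()
    for ctr in range(0, len(data), 32):
        out += prf(key, nonce, ctr.to_bytes(8, "big"))
    return bytes(a ^ b for a, b in zip(data, out))

def locator(master, index):
    # Opaque block name: without the key it does not reveal the block's position.
    return prf(prf(master, b"loc"), index.to_bytes(8, "big")).hex()

def seal(master, index, plain):
    nonce = os.urandom(16)
    body = xor_stream(prf(master, b"enc"), nonce, plain)
    # Encrypt-then-MAC; the tag also binds the block to its logical index.
    tag = prf(prf(master, b"mac"), index.to_bytes(8, "big"), nonce, body)
    return nonce + body + tag

def unseal(master, index, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = prf(prf(master, b"mac"), index.to_bytes(8, "big"), nonce, body)
    if not hmac.compare_digest(tag, want):
        raise ValueError("block %d failed authentication" % index)
    return xor_stream(prf(master, b"enc"), nonce, body)

def upload(master, image, server):
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    order = list(range(len(blocks)))
    random.SystemRandom().shuffle(order)  # blocks leave the client in random order
    for i in order:
        server[locator(master, i)] = seal(master, i, blocks[i])
    return len(blocks)

def download(master, count, server):
    return b"".join(unseal(master, i, server[locator(master, i)]) for i in range(count))

if __name__ == "__main__":
    key, server = os.urandom(32), {}  # constructed key; the dict plays the server
    image = b"".join(bytes([65 + i]) * BLOCK for i in range(4))  # constructed data
    n = upload(key, image, server)
    print(list(server)[:2], download(key, n, server) == image)
```

Because the tag covers the logical index, a server that swaps or modifies stored blocks is detected when the client reads them back.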

Conclusion: open-source and privacy enabling software

The SStorage client will be made open-source so that you can check for yourself the way it sends data. This makes techies in the community a big part of our security model: you, the techie reading this, matter to my project.

I invite you to check the information at https://nekoit.xyz/, join us on Discord or Telegram, or follow me on Mastodon at Archivist@social.linux.pizza