Hello,

On 02/20/2011 07:59 PM, Michiel de Jong wrote:
People are still actively discussing the 7 goals set by the freedomboxfoundation in the IRC channel, but I have to leave, so as promised, here is a little round-up email of today's Sunday Hackfest. This
I take the liberty to post my log of the irc channel to the list. Is there an official log place?

Cheers,
Erich

[Sun Feb 20 2011]
*** You have joined channel #freedombox [13:23]
*** Topic for #freedombox: http://wiki.debian.org/FreedomBox | https://alioth.debian.org/projects/freedombox/
*** #freedombox: topic set by [email protected], 16:41:39 2011/01/12
*** Users on #freedombox: erwaelde mirsal_ nicoman ehj pabs julianoliver ErkanYilmaz1 Bugsbane aggelos michiel_unhosted ram0 Michaelblizek josef|rumba sardonic bochecha unicron javaanse_jongens milk mono000333 skhaen ailo_ hossi mfb mikepark egh kaner amiller micah HerraBRE rtdos crc peddie kelsoo holloway anarcat WinterMute pickan craSH persia aevin irvee ludens sstangl openfly qubitsu tmarble anibal dilinger mjj29 cmn OdyX zumbi_
*** #freedombox modes: +nt
*** #freedombox was created on Friday 2010/08/06 04:22:49 PM
*** mirsal_ ([email protected]) has quit: Remote host closed the connection [13:27]
*** mirsal_ ([email protected]) has joined channel #freedombox
*** Bugsbane ([email protected]) has quit: Ping timeout: 480 seconds [13:34]
*** qualiabyte ([email protected]) has joined channel #freedombox [13:45]
*** julianoliver ([email protected]) has quit: Read error: Connection reset by peer
*** milk ([email protected]) has quit: Quit: baaaiiii [13:54]
<kaner> so the tor project is building a hardware-based relay version, its called `torouter' [14:04]
<kaner> similar requirements like freedombox
<kaner> i thought you'd find this interesting: http://pastebin.com/qf32Ug7f [14:05]
*** Bugsbane ([email protected]) has joined channel #freedombox [14:09]
<ehj> hi, i'm so happy for fbx, just want to say telekompinnen was conceptualised 2 years ago http://euwiki.org/Propensities/Free_Infrastructure :-) [14:19]
*** mirsal_ ([email protected]) has quit: Ping timeout: 480 seconds [14:25]
*** mono000333 ([email protected]) has quit: Ping timeout: 480 seconds [14:26]
*** mono000333 ([email protected]) has joined channel #freedombox [14:27]
*** bochecha ([email protected]) has quit: Ping timeout: 480 seconds [14:32]
*** endian7000 ([email protected]) has joined channel #freedombox [14:34]
*** nesciens ([email protected]) has joined channel #freedombox
*** jonas ([email protected]) has joined channel #freedombox [14:39]
*** jonas ([email protected]) is now known as Guest2019
*** Guest2019 ([email protected]) is now known as jonas [14:41]
*** e3i8 ([email protected]) has joined channel #freedombox [14:52]
*** qualiabyte ([email protected]) has quit: Ping timeout: 480 seconds [14:55]
*** qualiabyte ([email protected]) has joined channel #freedombox [14:56]
*** nesciens ([email protected]) has quit: Quit: Leaving. [15:05]
*** nesciens ([email protected]) has joined channel #freedombox [15:06]
*** bochecha ([email protected]) has joined channel #freedombox [15:11]
*** phitoo_ ([email protected]) has joined channel #freedombox [15:12]
<endian7000> to paraphrase Michiel and his epic Observer Effect... why is this room so quiet? [15:22]
*** michi_ ([email protected]) has joined channel #freedombox [15:23]
<endian7000> anyone ready to rumble?
*** michi_ ([email protected]) has quit: Quit: Leaving [15:28]
*** ehj ([email protected]) has quit: Remote host closed the connection [15:29]
*** Michaelblizek ([email protected]) has quit: Read error: Operation timed out
<michiel_unhosted> yes, sorry [15:40]
<endian7000> howdy
<michiel_unhosted> i'm ready :)
<endian7000> * rumbling *
<endian7000> is there a wiki page with (city -> (person, skillz, interests)-list) yet? [15:41]
* michiel_unhosted revving up the engines ;)
*** dxld ([email protected]) has joined channel #freedombox
<endian7000> there should be -- local meetups/hackathons are fun and productive [15:42]
<michiel_unhosted> so what i think we can do is maybe see who wants to look into which of the seven goals today
*** djbclark ([email protected]) has joined channel #freedombox
<michiel_unhosted> 1) Safe social networking, 2) Secure backup, 3) Network Neutrality, 4) safe anonymous browsing, 5) home network security, 6) encrypted email, 7) private voice communications - ref. http://www.freedomboxfoundation.org/goals/
*** GNUtoo|laptop ([email protected]) has joined channel #freedombox [15:43]
<michiel_unhosted> i will start by looking into how far diaspora is with the facebook integration, for 1).
<endian7000> 1, 2, 6 here [15:44]
<michiel_unhosted> the secure backup can i think be a cronned rsync?
<GNUtoo|laptop> hi, just for knowing, what's the starting point? take luci configuration and web interface of openwrt and port it to debian?
<endian7000> I was thinking a system-integrated app [15:45]
* GNUtoo|laptop was on #freedombox on freenode and thought we were doomed because there was nearly nobody and the channel was not active
<endian7000> to back up a mac, for example, use FSEvents for better performance
<endian7000> there are lots of complementary subsets of work here [15:46]
<endian7000> am I missing some here? https://github.com/tafa/tafa/wiki
<bochecha> michiel_unhosted, fwiw, I suggested it earlier but let's reiterate just in case: there's one FOSS facebook equivalent that isn't listed on the wiki page called Friendika. I haven't tested it myself, but it seems pretty advanced already and might be worth looking at
<michiel_unhosted> bochecha there are roughly 30 FOSS facebook equivalents [15:47]
<michiel_unhosted> diaspora, friendika, statusnet, appleseed, and many more
<bochecha> michiel_unhosted, they already have a federation protocol though, just like what Diaspora is still trying to implement [15:48]
<endian7000> http://identi.ca/jancborchardt is aggregating FOSaaS links
<endian7000> http://libreprojects.net/ and https://jancborchardt.titanpad.com/libreprojects
<GNUtoo|laptop> hmmm does diaspora use xmpp?
<endian7000> should we use that term? FOSSaaS? it sounds cool
<michiel_unhosted> yeah, i like FOSSaaS as a term [15:49]
<michiel_unhosted> diaspora does not use xmpp, although there is i think a fork that does
<endian7000> with social, people seem to be focusing on information-propagating systems [15:50]
<michiel_unhosted> basically, i think there is xmpp federation and OStatus federation
<endian7000> that's important, but I want to focus on the silent aggregation parts instead
<endian7000> and then integrate a propagation system
*** pabs ([email protected]) has quit: Quit: Don't rest until all the world is paved in moss and greenery.
<endian7000> silent-social: you have one node/page per person [15:51]
<endian7000> and as you use LinkedIn/Twitter/Meetup/..., the HTTP responses get parsed and imported
<endian7000> and you can explicitly add notes, public key fingerprints... [15:52]
<endian7000> it could be an address book + extra info
<endian7000> hmm, there are only a few of right now [15:53]
<endian7000> maybe we should introduce ourselves and what we want to work on?
<endian7000> michiel?
<michiel_unhosted> yes, sorry
<michiel_unhosted> you are describing a project called silent-social now, right?
<endian7000> a project idea -- it doesn't exist [15:54]
<michiel_unhosted> ah
<michiel_unhosted> Safe social networking, in which, without losing touch with any of your friends, you replace Facebook, Flickr, Twitter and other centralized services with privacy-respecting federated services;
<endian7000> "social-agg" would be better...
<michiel_unhosted> i think diaspora is already a social aggregator project
<michiel_unhosted> and the goal says we need at least facebook, flickr and twitter. [15:55]
<michiel_unhosted> twitter is easy, flickr can't be that hard either i think
*** redarrow ([email protected]) has joined channel #freedombox
<michiel_unhosted> privacy-respecting federated services is also easy, there are many of those around [15:56]
<michiel_unhosted> so i think the part to focus on there is a read/write client for facebook
<michiel_unhosted> 8 days ago someone said on diaspora-dev that this should work in diaspora now. so my question would be: is there anything else that aims to be, or include, a facebook client? [15:58]
<endian7000> not sure -- I'm no facebook expert [15:59]
<michiel_unhosted> or, otherwise, is there anything in diaspora that makes it unfit for using it as [a basis for] the solution for goal 1)
<michiel_unhosted> me neither ;)
<endian7000> the code and UX was dreadful
<endian7000> but they're probably better now
<endian7000> *were [16:00]
<michiel_unhosted> we'll see.
<michiel_unhosted> my goal for today is install diaspora, test facebook integration, and report back about it.
<endian7000> cool
<endian7000> my dev goal is to make progress on tafa-media and tafa tools
<michiel_unhosted> would you agree that that would be a sensible first step for goal 1)?
<endian7000> yes [16:01]
<michiel_unhosted> cool, what does the name stand for?
<endian7000> maybe we should have a titanpad with what we're doing / notes
<endian7000> TAFA: temporary acronym for a freedom box attempt [16:02]
<endian7000> https://github.com/tafa
<endian7000> https://github.com/tafa/tafa/wiki
<michiel_unhosted> ok.
<endian7000> titanpad? http://titanpad.com/3LsfCMplSR [16:03]
<michiel_unhosted> anybody else here feel like hacking? http://lists.alioth.debian.org/pipermail/freedombox-discuss/2011-February/000473.html
<endian7000> brb coffee [16:05]
<michiel_unhosted> i'll stop editing the titanpad while the other person organises the goals list :) [16:06]
<dxld> about goal 6(encrypted email), is the fb supposed to act as a mail server that transparently en/decrypts mail so the user can retrieve decrypted mail directly from the fb?
<michiel_unhosted> i understand it as installing a pgp-capable webmail service on it [16:08]
<dxld> ah
<endian7000> back [16:09]
<endian7000> right: tafa-mail :)
<michiel_unhosted> dxld (and other people) do you want to work on one of the 7 points today?
<dxld> im just looking at what i could do [16:10]
<michiel_unhosted> ok cool! good to have you here :) apart from you, so far it's endian7000 and me, i think
<dxld> do we have any restraints on what tools should be used?
<michiel_unhosted> here is what i wrote about this "Sunday Hackfest" effort: trying to hack together an experimental version of the freedombox in a virtual server image, with whoever wants to join in. The starting point will be this: http://pagekite.net/community/DebianFB/ (open freedombox.20101010.tar, inside there is an image that you can open with Oracle VM VirtualBox) and the goals will be this: http://www.freedomboxfoundation.org/goals/
<dxld> ruby/php/node ..?
<endian7000> I think we should have these constraints: https://github.com/tafa/tafa/wiki [16:11]
<endian7000> so dozens of apps can share a NodeJS process
<michiel_unhosted> there is a constraint to *try* to use existing debian packages wherever possible
<dxld> right
<endian7000> and be awesomely efficient
<michiel_unhosted> although
<michiel_unhosted> talking about web apps changes this, i think
<endian7000> are y'all familiar with NodeJS and why it's awesome? [16:12]
<endian7000> 2009 slides: http://s3.amazonaws.com/four.livejournal/20091117/jsconf.pdf
<dxld> endian7000: absolutely!
<michiel_unhosted> :)
<endian7000> :)
<endian7000> are you familiar with CoffeeScript? [16:13]
<endian7000> and Express?
<dxld> i heard of it but never felt like playing with it
<dxld> i've been working with node.JS for quite a while, so i know all the usual stuff ;) [16:14]
<endian7000> :)
<endian7000> I think it should be _this_ easy to write apps: https://github.com/tafa/tafa-media/blob/master/app.coffee
<endian7000> I need to clean up/release the tool I made for running apps like that... [16:15]
<dxld> but i still don't entirely get what we are trying to do now..
<endian7000> different things
<endian7000> michiel is researching the state of (diaspora, facebook integration)
<dxld> do we want to build everything on top of node or use existing stuff that uses php/ruby or whatever?
<endian7000> I want to build on node [16:16]
<endian7000> some want to package existing stuff
<dxld> well me too ;) but that is just a really huge effort
<endian7000> what projects are you interested in?
<michiel_unhosted> i think we shouldn't be talking about writing node apps for stuff that already exists in debian [16:17]
<dxld> building stuff like webmail, mesh networking on top of node when there are already projects that do this
<michiel_unhosted> so webmail, probably exists in debian
<michiel_unhosted> so then we shouldn't write a new webmail program
<dxld> endian7000: CouchDB, GNUNet, Node, stuff like that
<endian7000> which webmail apps are in debian? [16:18]
<endian7000> cool
<dxld> michiel_unhosted: i was thinking we could use SquirrelMail
<dxld> they have a PGP plugin
<michiel_unhosted> great!
<endian7000> SquirrelMail is PHP [16:19]
<dxld> mhm :/
<michiel_unhosted> so let's not spend much more time on that one today now then
<endian7000> it doesn't use any client-side JS
<michiel_unhosted> endian7000 that's not the point
<michiel_unhosted> the point is whether it is a debian package or not
<michiel_unhosted> now, if we find that there are things that don't exist
<dxld> endian7000: i don't like it either, but it does the job ;)
<michiel_unhosted> then that's where we start coding
<michiel_unhosted> and it is already in debian
<michiel_unhosted> i think
<endian7000> one goal: have as awesome as possible a distro in a few months [16:20]
<endian7000> which means writing awesome frontend apps
<endian7000> dxld: any specific things you want to hack on now? [16:21]
<endian7000> http://titanpad.com/3LsfCMplSR [16:22]
<dxld> i'm not sure yet ^^
<dxld> is the secure backup supposed to backup files or stuff like contact info ? [16:23]
<endian7000> files, maybe more [16:24]
<dxld> mhm
<erwaelde> I envision secure backup as something like tahoe-lafs, see: http://tahoe-lafs.org/
<endian7000> cool [16:25]
<erwaelde> A system of containers spread among the FB systems, where files are stored encrypted. Default values: everything is loaded to 10 nodes, with 3 functional of them data can be recovered.
<erwaelde> Encryption is done on the client side, so someone else can never see the data in clear text. [16:26]
<dxld> does tahoe scale space wise?
<erwaelde> I don't know. I have made an attempt to install it on a few boxes of mine, but thats all. [16:27]
<dxld> i mean when you have 200 freedom boxes with 10GB of storage and you distribute that to 10 other nodes how is that ever going to work?
<michiel_unhosted> endian7000 i don't agree with you on the goal of having an as awesome as possible distro in a few months. i think we should stick to debian wherever possible
<endian7000> sorry, I should have said "suite of apps"
<erwaelde> This means that 90% or more of my local disk is used as storage for others.
<erwaelde> Thats the price for regaining my data after loss of the local box for whatever reason.
<dxld> right [16:28]
<javaanse_jongens> flashblock [16:29]
<javaanse_jongens> ops
<javaanse_jongens> wrong win again
<erwaelde> IMHO this is not for my music collection, videos, images, but maybe for smaller but more important snippets of data
<dxld> true, but there is a lot of potential for abuse in providing storage to others [16:31]
<endian7000> with client-side encryption, users could use S3
<erwaelde> Certainly. It seems that tahoe-lafs was designed as well to store my stuff in some providers cloud, but disabling them to see it in clear. [16:32]
<erwaelde> The use of S3 might be shut down. That is much harder with 200 nodes distributed over the planet. [16:33]
<endian7000> so the whole sharing thing could be an unnecessary distraction from encryption, {Mac,Win,Lin}-integration, and other aspects...
<endian7000> true
<erwaelde> That's what I gather from Eben Moglens presentations
*** willma ([email protected]) has joined channel #freedombox [16:35]
<endian7000> for those joining us now: http://titanpad.com/3LsfCMplSR [16:37]
*** bochecha ([email protected]) has quit: Quit: Leaving [16:41]
<michiel_unhosted> gnunet, good point [16:43]
<michiel_unhosted> that had sunk to the back of my memory
<dxld> it doesn't work yet but i really like it anyways
<dxld> well the file sharing service doesn't work yet [16:44]
<HerraBRE> Hello! Better late than never :)
<dxld> hey
*** endian7000 ([email protected]) has quit: Quit: endian7000
<michiel_unhosted> hi! [16:45]
<michiel_unhosted> http://titanpad.com/3LsfCMplSR
<willma> I take it the pad is free update? [16:46]
<willma> So just add stuff that might fit the bill?
<HerraBRE> It seems you guys are duplicating somewhat the work on the wiki - is that deliberate?
<willma> Which page HerraBRE? [16:48]
<michiel_unhosted> that may have been me, sorry
<HerraBRE> moment, looking for the link :)
<willma> Is the coffee JS thing the language to be used for the interface/GUI? [16:49]
<HerraBRE> http://wiki.debian.org/FreedomBox/ExampleProjects
<HerraBRE> That has a lot of resources listed for various tasks.
<michiel_unhosted> willma that is a suggestion of endian7000, but in general, we are looking at building the whole thing from debian packages [16:50]
<willma> including the web gui? an out of the box solution?
<michiel_unhosted> well, yes, sort of [16:51]
*** endian7000_ ([email protected]) has joined channel #freedombox
<michiel_unhosted> for instance, SquirrelMail is already a web gui
<endian7000_> back -- did I miss much?
<willma> but then you have OS configuration
<michiel_unhosted> what do you mean by that?
<willma> Sure use established, stable, secure apps for the actual work aspect, but there needs to be system glue [16:52]
<willma> webmin probably isn't suitable :)
<HerraBRE> willma: but could it be a useful beginning, and then skinned and cleaned up?
<michiel_unhosted> willma i wouldn't necessarily say there needs to be glue
* michiel_unhosted agrees with HerraBRE [16:53]
<HerraBRE> I was trying to remember the name of webmin, knew it existed :=
<HerraBRE> :)
<endian7000_> there needs to be one web app interface
<endian7000_> with /app-commons
<willma> I agree with endian7000_
<endian7000_> where you can browse/search apps and install them with one click
<endian7000_> and /configure where you can see your hardware topology [16:54]
<endian7000_> (e.g. a picture of a hard drive with a line to your third sheevaplug)
<endian7000_> and you can tell it to format and use the drive
<HerraBRE> I agree that something like that will need to exist at some point. Not sure if it needs to be the first thing done, but perhaps in parallel. Question is whether anything exists already or if it is easier to write from scratch. [16:55]
<endian7000_> and yes, you're sure
<endian7000_> scratch! scratch! scratch!
<dxld> endian7000_: +1
<willma> From scratch I think. I'm not aware of anything suitable OTS
<willma> However, is it needed from day 1? Who is the target for the unit? [16:56]
<willma> I'd recommend Perl or maybe Ruby for the glue. There are already a load of system integration modules available. Could even use Puppet
<WinterMute> webmin is pretty complex [16:57]
<willma> Too complex I'd argue. And potentially insecure
<HerraBRE> An admin interface is insecure by default :) [16:58]
<HerraBRE> I mean, that's its job.
<willma> If the target of this project is really those who have a lot to lose through access to the device the attack surface needs to be tiny
<erwaelde> given the latest ruby packaging withdrawals, I'd prefer perl.
<endian7000_> insecure by default? how?
<endian7000_> HTTPS
<HerraBRE> Perl is much more mature. It's uglier, but there is a massive amount of support for it.
*** veosotano ([email protected]) has joined channel #freedombox
<endian7000_> and in the box, there's a sheet of paper
<willma> I agree with that
<HerraBRE> endian7000_: what I mean, is an admin interface has superuser and reconfigures the entire device.
<endian7000_> with the HTTPS fingerprint
<endian7000_> ah, yes [16:59]
<endian7000_> but that's probably in the interest of most users
<willma> Admin interface needn't have root/super user to all the system
<endian7000_> at least to get started
<veosotano> hello all
<endian7000_> howdy
<HerraBRE> So saying webmin is insecure is silly, is all.
<HerraBRE> you can put a password and https around it just like anything else.
<endian7000_> veosotano: collaborative notes @ http://titanpad.com/3LsfCMplSR [17:00]
<endian7000_> yes
<willma> HTTPS uses its own web server, it runs as root/has root equivalency
<willma> s/HTTPS/webmin/
<HerraBRE> That is a good basic design. [17:02]
<HerraBRE> Separate it from other web-things.
<willma> But then it relies on its own security rather than that of a larger project. I think webmin is too complex for this projects audience anyway [17:04]
<veosotano> excuse my ignorance, but I'm quite new to this project... could anyone explain to me in 1 sentence what FreedomBox is about?
<veosotano> is it an Operating System?
<erwaelde> otano> is it an Operating System? [17:05]
<erwaelde> ERC>
<HerraBRE> veosotano: A debian-derived Linux distribution, suitable for embedded plug-style computers designed to provide the services people need to enhance privacy and provide a private alternative to cloud-based services.
<HerraBRE> Is my understanding.
<ErkanYilmaz1> veosotano, see also http://en.wikipedia.org/wiki/FreedomBox
<WinterMute> veosotano: http://freedomboxfoundation.org/goals/
<erwaelde> More like a set of packages than a distribution. [17:06]
<HerraBRE> erwaelde: Calling it a distribution is probably the most clear way to explain, even if you could cherry-pick things from it and merge into other systems.
<veosotano> and is Unhosted a part of FreedomBox? just aligned goals? collaborating foundations? [17:07]
<WinterMute> isn't the target audience non tech/non geek?
<HerraBRE> WinterMute: yes. Which just means the hardware vendor pre-installs the distro for you, and the distro tries to be really easy to use. [17:08]
<michiel_unhosted> veosotano the two projects are unrelated, although both were inspired by Eben Moglen [17:09]
<veosotano> ah ok :)
<michiel_unhosted> unhosted is a small piece in a bigger puzzle
<michiel_unhosted> freedombox is another piece.
<veosotano> its a bigger movement, then [17:10]
<veosotano> about decentralizing the internet
<endian7000_> and TAFA is another piece: an attempt to write lots of awesome web apps that run well on a FB
<endian7000_> https://github.com/tafa/tafa/wiki
<veosotano> am I right?
<michiel_unhosted> veosotano yes :) exactly
<HerraBRE> veosotano: yes, I think that's pretty accurate :)
<endian7000_> yes
<willma> Thats why I'm here veosotano :) [17:11]
<veosotano> :D [17:12]
*** lukisi ([email protected]) has joined channel #freedombox [17:13]
<willma> How is security in general being addressed? What standards are to be adhered to? [17:14]
<michiel_unhosted> hi lukisi, welcome - if you're here to hack, see http://titanpad.com/3LsfCMplSR
<michiel_unhosted> i am looking into goal 1, specifically, i'm trying to find out to what extent diaspora solves the facebook integration. [17:15]
<willma> I'm happy to start to look at OS platform security. It doesn't seem to be addressed anywhere [17:17]
<lukisi> Hi all
<veosotano> hi
<michiel_unhosted> willma cool! that would fall under number 5, i think? [17:18]
<michiel_unhosted> or what do you call OS platform security?
<willma> If the device itself is considered 'home'
<willma> Making sure the unit is safe, secure and can be trusted
<michiel_unhosted> it's debian [17:19]
<willma> So audit, logging, integrity checks
<willma> The running system
<michiel_unhosted> ah
<willma> Not the source
<michiel_unhosted> that makes sense
<michiel_unhosted> intrusion detection, that sort of thing, right?
<michiel_unhosted> is there a debian package for that?
<willma> yes
<willma> apparmor or SELinux
<willma> They have... overheads though
<willma> Also, whether VServer/OpenVZ would be useful for segregation [17:20]
<michiel_unhosted> i hear ya
<michiel_unhosted> ok, so even though it's not strictly part of goal 5, we can file it under goal 5 i guess. good luck and have fun! :) [17:21]
<willma> Thanks, I will :D
<endian7000_> how about a (city --> (person, skillz, interests)-list) page?
<endian7000_> http://titanpad.com/jJ7Y6xtT8d
<endian7000_> local meetups and hackathons can be fun and productive [17:22]
<michiel_unhosted> willma add yourself to the titanpad under 'What we're working on now / progress notes'
<willma> I have an idea of spawning containers and configuring them using puppet. [17:23]
*** Schlomo ([email protected]) has joined channel #freedombox [17:24]
<willma> I think it might be a little out of scope for this work, but it would certainly provide security
<willma> It's just everything else would have to fit around it
<michiel_unhosted> would it?
<endian7000_> you mean like how startups deploy to VMs?
<HerraBRE> willma: that sounds a tad heavy for a plug computer :)
<willma> I guess so. But locally
<willma> Shouldn't be
<willma> the containers offer very little overhead [17:25]
<willma> I think I'll file it in the to be investigated pile for now :)
<willma> I'll look at security and integrity and other number 5 stuff.
<michiel_unhosted> willma cool!
<willma> Gives me an excuse to go out and buy an ALIX or shiva plug :D [17:26]
<endian7000_> there was a 4-week delay when I got my SheevaPlug
<michiel_unhosted> what do people think of gnunet?
<michiel_unhosted> does it solve point 3, network neutrality? [17:27]
<michiel_unhosted> i think you would need a wifi mesh for that, right?
<michiel_unhosted> otherwise you always have a single point of failure, being your isp [17:28]
<dxld> GNUNet can operate on a wifi mesh
<michiel_unhosted> dxld yes, that's what i'm thinking
<michiel_unhosted> establish a wifi mesh
<michiel_unhosted> to solve point 3
<willma> Is it stable yet?
<veosotano> what's a wifi mesh?
*** ehj ([email protected]) has joined channel #freedombox
<endian7000_> gtg -- I'll be back later today
<dxld> nope
<michiel_unhosted> then run gnunet to solve point 4, about anonymous publishing [17:29]
<dxld> rather unstable (some parts of it at least)
*** endian7000_ ([email protected]) has quit: Quit: endian7000_
<willma> And is its security proven?
<willma> Because I think for this project anything that isn't stable and proven should be rejected from the first version
<michiel_unhosted> or fixed :)
<dxld> i don't know. [17:30]
<michiel_unhosted> is there a proven anonymous publishing tool?
<willma> tor, i2p, freenet have all been around for some time and are pretty well understood
<dxld> there are some papers about GNUNet
<michiel_unhosted> more than gnunet?
<willma> Is fixing other projects short falls our goal? Because I'd say while we can file bugs against them we can't fix them so could end up waiting on the upstream
<michiel_unhosted> willma but fixing an existing project is better than creating a new one from scratch [17:31]
<michiel_unhosted> i don't know,we'll see
<willma> Sure, I agree with that. I'm just wary the gnunet is still new [17:32]
<HerraBRE> I really like Tor. I've met with multiple people from the project, and they are smart and dedicated.
<willma> new is nice and shiny but I'd rather have something stable and well proven.
<HerraBRE> And they have funding.
<michiel_unhosted> HerraBRE could you use Tor, without anything on top of it, to anonymously publish something? [17:33]
<HerraBRE> yes
<HerraBRE> that is what hidden services do
<michiel_unhosted> and is there a hyperlinked web of such services?
<willma> I thought they were just anonymous end points?
<redarrow> willma: at least with tor there are issues/problems with the government of germany and other parts of the european union
<HerraBRE> redarrow: Not for publishing.
<HerraBRE> Basically a tor hidden service is just a TCP/IP service. [17:34]
<dxld> redarrow: what problems?
<willma> redarrow: in what way/
<willma> ?
<HerraBRE> Exit nodes are difficult to run in some countries, as the traffic exiting may get you in trouble.
<willma> Which means you can't upload it.. freenet provides a service like that
<Schlomo> with a wifi mesh. It still has to go through a gateway to an ISP right. Is there a way around that?
<willma> Ah, okay HerraBRE I see. That's why I don't run an exit node!
<HerraBRE> willma: Yes, it's not a distributed cloud, you have to actually host it yourself and be reachable. [17:35]
<HerraBRE> Tor only provides anonymity, but it does so both for publishing and network use.
<HerraBRE> Because obviously one of the TCP/IP services you can run is a webserver.
<HerraBRE> And if you carefully make sure it doesn't leak info about where you are and who you are (watch out for dates, time zones, software versions etc) you can publish things in an untraceable way. [17:36]
<michiel_unhosted> HerraBRE so for the goal "Safe anonymous publication: Friends or associates outside zones of network censorship can automatically forward information from people within them, enabling safe, anonymous publication", do we need anything but Tor?
<HerraBRE> For that you need more, you need Tor + mirrors.
<lukisi> I do not know TOR personally. So I am wondering, what does it mean that OperaTor proved to be not able to circumvent censorship in Libya?
<willma> That's far too risky I think HerraBRE - some information might just want to be passed on
<HerraBRE> I think if you want censorship resistant publishing, you need more than Tor. [17:37]
<HerraBRE> That is not the same goal as anonymous publishing :)
<dxld> GNUNet has censorship resistant publishing ;)
<willma> So does freenet
<michiel_unhosted> and what about i2p? [17:38]
<HerraBRE> I don't know i2p, I think it is very similar to Tor.
<willma> i2p doesn't exit to the public Internet does it?
<willma> There is another option - something like anonet
<nicoman> i2p is more scale ... and freenet is java :S too heavy to plug
<HerraBRE> http://www.i2p2.de/how_networkcomparisons
<willma> yeah, java does kind of put a spanner in the works [17:39]
<dxld> https://gnunet.org/compare
<nicoman> hi!!! :) y don't speak english... sorry :(
<nicoman> onli can read
<willma> i2p is java too [17:40]
<willma> I think for the publish part gnunet looks like the best option [17:42]
<willma> For connectivity out to the public internet via protect means, tor looks like the best option [17:43]
<willma> IMHO of course
<HerraBRE> Was it deliberate to leave out *non-anonymous* publishing from the todo list?
<HerraBRE> or should that fall under social networking? [17:44]
<HerraBRE> ... or social networking fall under something more generic like "non-anonymous communication/publishing"?
<willma> I like the latter HerraBRE [17:46]
<HerraBRE> If FreedomBoxes are supposed to help people "leave the cloud", they will need to provide alternatives to what people use the cloud for. And that's a lot of non-anonymous communication. :)
* HerraBRE edits the pad
*** Mixhael ([email protected]) has joined channel #freedombox [17:48]
<willma> Does freedom extend to DRM bypass?
*** lukisi ([email protected]) has quit: Ping timeout: 480 seconds
<erwaelde> Not necessarily, imho. [17:50]
<michiel_unhosted> willma there is a risk of scope bloat here.
*** lukisi ([email protected]) has joined channel #freedombox
<willma> As ever with everything :) What in particular? [17:51]
*** willma ([email protected]) has left channel #freedombox: #freedombox
*** willma ([email protected]) has joined channel #freedombox
<michiel_unhosted> would DRM bypass be an 8th goal? [17:52]
<willma> I mention it as it depends what 'Freedom' means
<michiel_unhosted> referring to http://www.freedomboxfoundation.org/goals/
<nicoman> open hardware = 8th goal :)
<willma> I don't know if it's something we should aim for early on, but should it be on the radar?
<willma> Would it be setting the project up as a target for Big Business
*** ian_brasil_ ([email protected]) has joined channel #freedombox
<michiel_unhosted> willma ah, ok. i have no opinion about that
<willma> I personally think in the world of Freedom with a capital F it's important (well, the issue as a whole is). For this project, I think it's something best avoided as it is a hot potato [17:53]
*** Schlomo ([email protected]) has quit: Quit: Lämnar
<willma> As it's not elicited a stream of support forget I said anything ;) [17:54]
<HerraBRE> I'm not sure how it applies anyway, DRM bypass generally happens on the device where you have access to the media or are playing it. FreedomBoxes will generally do neither, they would just provide dumb storage and sharing capabilities. Which are related, but simpler.
<willma> It's a tool that could provide a function. Strip DRM on the storage [17:55]
<willma> It's a freedom issue is all I meant
<HerraBRE> sure :)
<willma> right, gotta go. bbl [17:56]
*** willma ([email protected]) has quit: Quit: willma
<HerraBRE> Something vaguely related, is that if a device helps with backups - say you plug a giant hard drive into your FB and it then takes backups of your laptops and mobile phones etc. automatically. Then a killer feature is to auto-compile and expose a media library from the backed up data.
<HerraBRE> A lot of interesting personal data mining can happen on a device which does smart backups, this is one such example. [17:57]
*** Bugsbane ([email protected]) has quit: Ping timeout: 480 seconds
<HerraBRE> None of the cloud guys can provide such features because of privacy concerns and not wanting to be RIAA targets. But a FreedomBox could totally rock that sort of thing.
<michiel_unhosted> contribution by gbraad, who can't be on IRC right now: "tor is not very useful in china without bridges but still preferred solution."
<HerraBRE> It would be very nice if FreedomBoxes could easily be made into bridges :) [17:58]
<HerraBRE> I wonder if Tor's centralized directory stuff will melt if a million FreedomBoxes start connecting. :) [18:00]
<michiel_unhosted> sorry, i had to learn what Tor bridges are before i could answer that. after reading https://www.torproject.org/docs/bridges my answer is yes :)
<redarrow> HerraBRE: probably, but the main point for tor is not the bridge I think. There are more difficulties with the exit point, because there are less than entry points and that's why tor is right now terribly slow
<HerraBRE> redarrow: that's not what I've heard from the Tor people, they've told me they have plenty of exit bandwidth. [18:01]
<michiel_unhosted> but can you also use a web that's entirely within Tor, without exiting?
<HerraBRE> michiel_unhosted: yes
<michiel_unhosted> HerraBRE so then you can publish anonymously? [18:02]
<HerraBRE> redarrow: but bridges to provide access circumventing great firewalls is something they always need more of.
<HerraBRE> michiel_unhosted: yes, but your server has to stay up for the content to be reachable.
<michiel_unhosted> that's where the FreedomBox comes in :)
<HerraBRE> redarrow: Tor is by nature always going to be slow because of all the extra hops.
<michiel_unhosted> it would be desirable to mirror, obviously <michiel_unhosted> as you said earlier [18:03] <michiel_unhosted> sorry, my brain is a bit behind on the discussion ;) <redarrow> HerraBRE: if you are lucky the connection ist fast but most times you are right you have to cope with one very slow node in the middle *** clstaudt ([email protected]) has joined channel #freedombox [18:04] <michiel_unhosted> welcome back clstaudt <clstaudt> hi @all <michiel_unhosted> http://titanpad.com/jJ7Y6xtT8d describes what we think about each of the seven goals <michiel_unhosted> we're currently discussion the anonymous publishing one [18:05] <michiel_unhosted> (goal number 4) <clstaudt> sure it's the right link? document starts with name/handle <clstaudt> skillz <clstaudt> interests <HerraBRE> http://titanpad.com/3LsfCMplSR [18:06] <clstaudt> thanks <michiel_unhosted> ah sorry [18:11] <michiel_unhosted> brb *** michiel_unhosted ([email protected]) has left channel #freedombox: #freedombox <redarrow> Tor is already implemented in the 'freetz' project (Project to work with (nearly) every fritz!box router) (German Page: http://freetz.org/wiki/packages/tor) unfortunately there is no english one, as there is no german Overview of how tor works ... [18:12] <redarrow> wow, have I missed something? [18:14] *** seadog ([email protected]) has joined channel #freedombox [18:15] <amiller> there's so much to read [18:16] *** zx81 ([email protected]) has joined channel #freedombox <amiller> today is a hackfest? that's exciting <seadog> hello everybody <dxld> hi <zx81> hey there [18:17] <redarrow> hi *** michiel_unhosted ([email protected]) has joined channel #freedombox *** Mixhael ([email protected]) has quit: Quit: Mixhael [18:18] <clstaudt> how can encrypted e-mail become really, really easy to use? <aggelos> err, what are the criteria for choosing between {free|}gnunet|i2p|tor? <aggelos> do you guys want a darknet or anonymous publication on the existing internet? 
[18:19] <aggelos> tor seems to me as the obvious choice for the latter [18:20] <aggelos> clstaudt: take key management out of the picture? <amiller> i just installed tor and did a 'proof of concept' use case of an anonymous publication, i think <amiller> i want to explain what i did so any of you can tell me if i did it wrong [18:21] <redarrow> aggelos: for me to, but is there a way to encrypt the .onion Service? <aggelos> redarrow: https? <redarrow> aggelos: something like that, but as I see this is not implemented yet <aggelos> but in any case, iirc there are powerfl attacks against tor hidden services [18:22] *** Mixhael ([email protected]) has joined channel #freedombox <aggelos> redarrow: where do you see that? [18:23] <michiel_unhosted> aggelos the definition is "Safe anonymous publication: Friends or associates outside zones of network censorship can automatically forward information from people within them, enabling safe, anonymous publication" [18:24] <HerraBRE> The net neutrality stuff actually implies Tor or something similar - a fallback alternate route when ISPs block ports. That's a different goal though. [18:25] <michiel_unhosted> amiller great! i'll write a report of our findings to the mailing list, later. send me a snippet that i can include <amiller> thank you :] <amiller> michiel_unhosted i'm a huge fan of your unhosted page, i think that's the most important idea, although i've been reading about a whole lot of important ideas here in the last day *** tg ([email protected]) has joined channel #freedombox [18:26] <aggelos> HerraBRE: uhhh, being forced to have 2 orders of magnitude greater latency hardly qualifies as restoring network neutrality... :) <zx81> amiller: there are lots of projects so interesting to see where freedombox fits in. <HerraBRE> aggelos: it's better than nothing. <aggelos> michiel_unhosted: yah, is that enough? or do you want people inside the censorship zone to be able to access that publication? 
<aggelos> HerraBRE: absolutely [18:27] <michiel_unhosted> amiller thank you! take into account that unhosted is only one of the projects that make up the 'decentralized web' revolution. it's a piece in a bigger puzzle <aggelos> HerraBRE: but the description seems very optimistic <HerraBRE> Using off-the-shelf components, I think tor may be the only solution at the moment that can accomplish that particular goal of circumventing port blocks. But a custom written tool for just that (without the anonymity) would be much more efficient. <HerraBRE> Mr. Moglen is nothing if not an optimist :) [18:28] <redarrow> aggelos: the hidden service test page says something "the web site does not support encryption for the page you are viewing" <zx81> michiel_unhosted: i believe the trick is to make things so easy that there is mass adoption. <aggelos> redarrow: sounds like you're trying to talk https to an http port :) <michiel_unhosted> zx81 the trick to what? [18:29] <michiel_unhosted> s/to/for <zx81> michiel_unhosted: i.e. blocking a niche service would not raise eyebrows, whereas blocking the internet does <redarrow> aggelos: No, I just wanted to find out if it might be possible to use https instead of http for the last hop to the destination <aggelos> redarrow: https is end-to-end and yes you can use it [18:30] <zx81> michiel_unhosted: if a decentralized and heavily censorship-resistant 'web' can weave itself into the very fabric of the internet, so popular apps/services are built on top of it, makes it much harder to shut down without people complaining [18:31] <michiel_unhosted> zx81 dictators still block things, despite their mass adoption. 
but mass adoption is obviously where we're aiming at :) [18:32] <aggelos> michiel_unhosted: still, if you have mass adoption, you /prevent/ mass surveilance, so that's something [18:33] <michiel_unhosted> the only way to be safe from dictators, is wifi mesh, i think <michiel_unhosted> and a dynamo to generate your own power ;) [18:34] <aggelos> and your own private army, yes :) <amiller> the steps i took to make a pseudonymous post were: 1) install tor, vidalia, privoxy, configure according to their website, 2) use firefox and torbutton, and audit myself through pantopticlick 3) register a hushmail account 4) make an account with twitter 5) make a post - my analysis: the hushmail account i don't consider secure, but all i care is that it isn't linked back to me, i [18:35] <amiller> found vidalia very pleasant to use, and i like the idea of auditing tools like panopticlick and i hope we make more things like that - can someone tell me if i missed an obvious step and should use a different layer somewhere <aggelos> amiller: did you use https: to connect to twitter? :) [18:36] <redarrow> amiller: have you used a dedicated browser for your tor session? [18:37] <amiller> i used a dedicated browser, a fresh firefox in privacy mode <aggelos> redarrow: torbutton is supposed to take care of things like that <redarrow> for example you use ie for daily stuff and firefoy ONLY for tor related connections <amiller> redarrow: that's precisely right, i use chrome for everything and only installed firefox for this [18:38] <redarrow> aggelos: but there are security issues - so if you want to be really sure ... <zx81> aggelos: are there any successful community or commercially based wifi meshes to study and learn from? what's the hook to get people adopting a freedombox? might have to sell the box to charities and NGOs to promote. <zx81> aggelos: 'sell' as in selling the idea. 
*** phaidros ([email protected]) has joined channel #freedombox *** phaidros ([email protected]) has left channel #freedombox: #freedombox *** drwhax ([email protected]) has joined channel #freedombox <aggelos> redarrow: if you're aware of such security issues please let us know so we can report them and/or fix them [18:39] <redarrow> zx81: that's the same question which comes into my mind aswell I just was not fast enough to wirte it down <aggelos> redarrow: I mean I'm aware of some, but iirc they're pretty minor *** seadog ([email protected]) has quit: Remote host closed the connection <aggelos> zx81: freifunk <amiller> aggelos: if i did not use https, would my first hop, from my laptop to the tor entry node, be unencrypted? <aggelos> zx81: but afaik it's not an ad-hoc mesh, so the answers you'll get by studying them are not always relevant [18:40] <aggelos> amiller: no, the last hop <redarrow> aggelos: one is that if you start torbutton while you have visited a website you have to refresh this site (you get an message window which points to the bug and this is more than one year old) <aggelos> redarrow: yup <amiller> aggelos: then I think it's OK as long as my goal was to make a post that could not be linked to me, even if i don't care that it gets snooped because it's essentially a 'public' 'pseudonymous' message *** phaidros ([email protected]) has joined channel #freedombox [18:41] *** sardonic ([email protected]) has quit: <amiller> however i imagine it's hard to specify exactly what your goals and needs are, because everyone's situation will be a little different <michiel_unhosted> bad news about point 1: diaspora doesn't have a read/write client for facebook. you need to register your node on facebook dev to get an api key for your domain. 
that's very hard to automate and it's likely that facebook would stop us registering millions of api-partners (one per end-user) http://groups.google.com/group/diaspora-dev/browse_thread/thread/29170f19c47c4c96/2d0499ad96aa6eed <aggelos> amiller: but your login credentials can be sniffed by someone running a malicious exit node <amiller> aggelos: i see, that makes sense [18:42] <aggelos> amiller: I'm assuming you won't be creating a different identity for each tweet ;) <amiller> even if i was going to do that (it was my original plan here) i would be vulnerable to someone impostoring me if it's easy to see my login credentials [18:43] <aggelos> hmm, this discussion is a bit all over the place. which is fine and appropriate really, but I'm not sure what has already been talked about :) *** glo ([email protected]) has joined channel #freedombox <michiel_unhosted> so will have to try something ourselves, at least for now <aggelos> amiller: there wouldn't be a "you", you'd be tweeting stuff independently <aggelos> michiel_unhosted: err, that's not realistic <aggelos> well [18:44] <aggelos> a /lot/ of the goals are very optimistic, just saying that 1) is the most optimistic of them ;) <michiel_unhosted> you think? <aggelos> michiel_unhosted: why not try to keep it simple, stupid and get something useful in the next couple of months [18:45] <aggelos> michiel_unhosted: I'm positive <michiel_unhosted> without the facebook-exit, you mean? <aggelos> michiel_unhosted: there's no way in hell facebook will play along <michiel_unhosted> aggelos i would propose a Levin search <aggelos> michiel_unhosted: yah <redarrow> amiller:your message is encapsuled in many layers. One for each hop. 
So every hop does only now the IP it comes from and the IP it goes to, but the Exit Node has to decrypt your message bevor it can be send to the webserver, so he will know your username and password if you don't use https <michiel_unhosted> ah, sorry, i wasn't thinking facebook would play along of course [18:46] <aggelos> michiel_unhosted: what does the levin search have to do with anything? <michiel_unhosted> sorry, it was a joke <aggelos> kk <michiel_unhosted> i meant to say we work on each of the 7 points at the same time *** phitoo_ ([email protected]) has quit: Quit: Konversation terminated! [18:47] <michiel_unhosted> then if one of them fails, the others will still not be delayed, or at least not by more than a constant factor [18:48] <aggelos> michiel_unhosted: imho any given goal is too big atm, so a bit of focus might help. that goes for each one of us individually, not for the group discussion of course <aggelos> ... <aggelos> people <--- .... ---> math [18:49] *** glo ([email protected]) has quit: Remote host closed the connection <aggelos> just saying that people will work on what they, personally, find interesting, so I'd much rather everyone focused on that and just presented an action plan for review/input [18:51] <zx81> aggelos: agree. diversity of projects will be good for cross-pollination. [18:53] *** twur ([email protected]) has joined channel #freedombox [18:56] *** willma ([email protected]) has joined channel #freedombox <michiel_unhosted> i am focussing on #1 of www.freedomboxfoudation.org/goals now. this may help http://www.my-guides.net/en/guides/linux/141-how-to-monitor-your-facebook-profile-in-linux [18:58] *** veosotano ([email protected]) has left channel #freedombox: #freedombox <willma> Just how paranoid/security conscious does a FreedomBox need to be? 
<michiel_unhosted> willma i would say "quite" [18:59] <willma> Are we targeting opressed peoples in oppressive regimes as a number one aim, or is this more about getting off the cloud and preserving western democratic ideals? <willma> Thing is, if I were a citizen of an oppressive regime I'd want to make damned sure that the freedombox would never expose me. Ever. [19:00] <aggelos> michiel_unhosted: indeed, you'd still be relying on facebook for availability, wouldn't you? <michiel_unhosted> yes, but you would just be like a client app. *** thomy ([email protected]) has joined channel #freedombox <willma> That is very different from those in a cosy western democracy who have some form of due process, a stable legal system and so on <aggelos> michiel_unhosted: ... [19:01] <michiel_unhosted> imagine you use tweetdeck to read and write your twitter <willma> The security requirements are very different <aggelos> michiel_unhosted: did you watch eben moglen's fosdem talk? I think he adresses that quite explicitly :) <michiel_unhosted> but it's only during the transition, right? <aggelos> michiel_unhosted: transition to what? [19:02] <michiel_unhosted> to a free social network. <willma> There is no transition. <willma> You leave facebook <michiel_unhosted> the thing is, if you are on a free social network, and your friends are not, then you will be very lonely <aggelos> michiel_unhosted: yah, I'd rather focus on getting /that/ on the horizon <aggelos> michiel_unhosted: yup. 
and I don't think there's a way around that that involves cooperation w/ facebook [19:03] <aggelos> I was in the xmpp dev room a while ago <aggelos> one of the guys that started it made a very good point <michiel_unhosted> it explicitly says "without losing touch with any of your friends" <aggelos> they had something that could replace aim/aol/icq etc perfectly well [19:04] <aggelos> and 10 years later, people are /still/ using them for regular text IM'ing <aggelos> so I don't think there was an issue with getting your buddy list out of aim/icq/whatever [19:05] <erwaelde> In the Debconf 2010 talk, there is explicit mention of aggregator sw, such that messages of my friends on facebook are collected through the same client channel as messages of my friends on elsewhere. Thats why I wrote the message on the mailing list. <michiel_unhosted> but the handy thing is you can have an aggregator client like pidgin that speaks all of the above <aggelos> michiel_unhosted: and people still stay on the same old pimps^Wsocial networks [19:06] <erwaelde> plus the new stuff, i.e. sending my message to my friends FreedomBox directly. *** nesciens ([email protected]) has quit: Quit: Leaving. <willma> but they have to want to leave FB. You can't wean people of it. It's not a drug. <aggelos> erwaelde: aww, come on, now you're moving the discussion to the abstract again ;) [19:07] <aggelos> j/k *** jdeisenberg ([email protected]) has joined channel #freedombox <michiel_unhosted> i think erwaelde is right *** seadog_ ([email protected]) has joined channel #freedombox <willma> Those who require anonymity, security, will use a tool that provides it <aggelos> willma: and it will be useless <willma> Why? <aggelos> willma: encryption is useless if only a handful of people are using it [19:08] <willma> Yes <aggelos> in a totalitarian state, it just makes you a target <willma> But we're not trying to change the world directly here are we? 
<erwaelde> Iff the new stuff is cooler, people will move. If it's just "more private and secure" then I do not expect many to move over. I try this discussion regularly in my workplace :-) <willma> Thats well beyond the scope of this project. <aggelos> willma: no, but what you're suggesting has been tried and failed <willma> what's the measure of failure? [19:09] <aggelos> willma: I have tons of technical acquaintances and yet /nobody/ uses gpg <aggelos> so it's close to useless for secure communication *** guybrush ([email protected]) has joined channel #freedombox <erwaelde> we are trying to re-establish, what the net was before the "internet", decentralized, immune against the loss of nodes, not controllable ... [19:10] <erwaelde> Nothing short of that. <aggelos> err <aggelos> was it ever like that? [19:11] <erwaelde> It was much less controlled by our all ISPs. <aggelos> turning it off was always just as easy *** clstaudt ([email protected]) has quit: Quit: Leaving. <willma> I think lofty aims are fine but how about the ground work first? [19:12] <willma> I also am a little concerned that the goals of a project protecting those in opressive regimes are not the same as a project that is aiming to help people get off the cloud [19:13] <willma> Can any free webmail client compete with gmail? No. <aggelos> willma: good point, but they can be reconciled, can't they? [19:14] <willma> At some point <erwaelde> I live happily without gmail. So is that the goal, compete with gmail? <aggelos> willma: are you talking about the UI or the spam filtering? [19:15] <willma> However, the security requirements for case A (oppressive regime) are very, very different case B (off the cloud) <aggelos> erwaelde: absolutely, I'd say <redarrow> erwaelde: me too as well as facebook ... 
But that's me <willma> UI, spam filtering, availability, security *** nesciens ([email protected]) has joined channel #freedombox <erwaelde> "Off the cloud" is a good first goal, because it will teach us lots of lessons. To make the thing "oppressive proof" is much harder. I don't think, one can get this right from the outset. [19:16] <willma> I'm migrating away from gmail for myself and a number of other users. How much they'll miss it I don't know. <aggelos> willma: UI-wise I don't see anything fundamental getting in the way. as for spam filtering... [19:17] <willma> time <redarrow> hmm, 1und1 (german ISP reseller) has a good webmailer as well <willma> gmail is the best webmailer I've ever used bar none <willma> I've used it for, what, 3 years. It's only the privacy issue that is problematic <willma> Otherwise is just works from everywhere [19:18] <willma> They ever do two factor auth now <redarrow> willma: but that should every webmailer do *** seadog_ ([email protected]) has quit: Ping timeout: 480 seconds <willma> Yes, I agree, but they do that as a security feature. Sorry, it's a bit unrelated to my previous points. <aggelos> willma: except you can't really do gpg w/ a web client, can you? :) <redarrow> if a webmailer does not work everywehre it has missed his point ment to be <willma> But a freedombox webmailer would be stuck at the end of an ADSL line or even a mobile line [19:19] <willma> erm, I mean modem <erwaelde> "ground work": I'm currently building/testing tahoe-lafs on a seagate dockstar. Takes some time. This isn't packages for debian. Anyone knows if there is work in progress? <redarrow> aggelos: you probably can use gmail accounts in your Mail Client like Thunderbird or Outlook and there use gpg but thant of course its not location independent [19:20] <erwaelde> /packages/packaged/ <willma> aggelos: You can do S/MIME I would have thought? 
<aggelos> redarrow: at that point I can use my regular mail server <aggelos> willma: but you then trust the code serv <aggelos> *ed to you by the server? <redarrow> aggelos: right <willma> aggelos: Can browsers sign data/ [19:21] <willma> ? <willma> They can certainly generate private keys <aggelos> willma: JS is turing complete, it can do anything :) <willma> haha, yeah <aggelos> but then you put all your faith in the server [19:22] <aggelos> (this could be worked around w/ browser extensions) <willma> So, would I be safe when looking the the OS security side to assume that the 'off the cloud' case is the primary target at the moment? <aggelos> but to be frank, doing secure mailing at an internet cafe or at some other untrusted box is hopeless <willma> I mean, private keys can be generated by browser native code. [19:23] <willma> Very true <aggelos> willma: not sure I get what you mean <zx81> off-topic: Is there going to be log of this chat anywhere? I will be in and out today but dont want to miss anything. [19:24] <willma> I'm looking at goal 5. I want to make sure what I do is proportionate to the platforms use <willma> That is either 'off the cloud', in which case ease of use is >= security. For the oppressive regime use, security is priority number one. [19:25] <aggelos> btw, http://gigaom.com/2011/02/17/building-the-technology-stack-for-internet-freedom/ [19:26] <willma> what's the USs agenda? Why fund this? 
[19:28] *** seadog_ ([email protected]) has joined channel #freedombox <aggelos> willma: I think people here mostly agree that you want a unified network that will be adopted for home-cloud style usage and will be instantly available in hard times <aggelos> willma: let's not talk politics now ;) <willma> haha :) [19:29] <michiel_unhosted> "2) Secure backup: Your data automatically stored in encrypted format on the Freedom Boxes of your friends or associates, thus protecting your personal data against seizure or loss" - this would need a user interface that lets you choose friends. do any of the proposed packages have that? <aggelos> michiel_unhosted: choosing friends is easy. it's finding them that's the interesting part ;) <aggelos> michiel_unhosted: and I don't know of anything that does that <aggelos> michiel_unhosted: imho it would be a very useful building block [19:30] <michiel_unhosted> finding them could be out-of-band <willma> I think I'm missing a part of this here. What's the protocol used between freedomboxs? What does 'instantly available' mean? <aggelos> michiel_unhosted: that reduces it to a public-key distribution problem which we have failed to solve in the past. or not? <aggelos> willma: meaning you're already using it. you don't have to go searching for instructions on how to set it up when things go bad [19:31] <michiel_unhosted> but it's not that pressing here. if it's only for the backups, you could send a backup request to a friend you know from meatspace [19:32] <willma> 'go bad'? <aggelos> michiel_unhosted: imho you absolutely want to use meatspace friends as backup buddies anyway <michiel_unhosted> then the friend could phone you and give you the key, or a password or whatever in a voice call. or even a live face-to-face meeting <aggelos> michiel_unhosted: solves the churn/availability problem nicely <willma> michiel_unhosted: What about a distributed, encrypted backup? Too slow? Too much data? 
<aggelos> michiel_unhosted: ffs [19:33] <aggelos> michiel_unhosted: gpg has demonstrated that won't happen <aggelos> willma: too much of a research problem imo [19:35] <aggelos> willma: there have been solutions proposed and implemented though <aggelos> willma: http://oceanstore.cs.berkeley.edu/info/overview.html [19:36] *** jdeisenberg ([email protected]) has quit: Quit: http://www.mibbit.com ajax IRC Client <willma> There is always encryption + cloud storage, no? Dropbox, S3 etc. [19:37] <aggelos> ... <willma> It all relies on the private key being secure but <aggelos> "availability" <michiel_unhosted> so is there any conclusion about "4) Safe anonymous publication: Friends or associates outside zones of network censorship can automatically forward information from people within them, enabling safe, anonymous publication"? [19:38] <willma> A distributed option is the only way then surely? <aggelos> willma: yah, but it can be a global data store or a friendnet, I prefer the latter b/c I think it's more straightforward to implement [19:39] <willma> The former doesn't require you trust a friend <aggelos> michiel_unhosted: again, are we talking darknet or internet? I'm not yet clear on that *** and1bm ([email protected]) has joined channel #freedombox [19:40] <michiel_unhosted> i don't know either :) <dxld> aggelos: both <aggelos> willma: yes, the former has advantages too, but w/ a tahoe-style solution you don't need to either <michiel_unhosted> i've copied this from the foundation's website, presumably this has been formulated by Eben himself. <aggelos> willma: you just depend on the fact that not all your friends will < go away at the same time <aggelos> michiel_unhosted: eben's not jesus :) [19:41] <aggelos> no need to start interpreting him here, we can each have our own opinion, no? 
:) <michiel_unhosted> about "5) Home network security, with real protection against intrusion and the security threats aimed at Microsoft Windows or other risky computers your network", i'll say willma is looking into this [19:42] <aggelos> dxld: well doing just the anonymous publication on the internet thing is way easier ;) <dxld> ^^ <willma> Yes, I'll pick that up [19:43] <dxld> i think for now we should just use tor <dxld> we can add a darknet later <michiel_unhosted> do you know any debian packages for this yet? <michiel_unhosted> or anything else i can mention in my email <aggelos> willma: can you explain what it's about? :) not clear on that either <willma> 5)? <aggelos> yah [19:44] <willma> My understanding is a firewall or alerting system <aggelos> huh? <aggelos> but that assumes you're the router, no? <willma> with IDS (e.g. snort), firewall (shorewall) <willma> yes, to a large degree <willma> Quite frankly if you're not you're not going to see very much <willma> nessus could be part of that <willma> but it's an active check [19:45] <aggelos> uhhh <erwaelde> 5) has to do with the FB being my router. *** Mixhael ([email protected]) has quit: Quit: Mixhael <aggelos> those are admin tools <willma> Yes <aggelos> not that useful for home users <willma> Depends on the UI <aggelos> also, see HerraBRE's objections re: assuming you're the router <aggelos> on the list <willma> Oh, sure <willma> this project isn't a router and the shiva plug etc only have 1 NIC [19:46] <willma> I will give it some thought <erwaelde> It's useful for home users, if it prevents a single instant of someone getting in from the outside. <aggelos> willma: guruplug has two, and in any case most home users use wifi *** clstaudt ([email protected]) has joined channel #freedombox <willma> 'Most' is not all <aggelos> erwaelde: it just can't do that <aggelos> willma: I know <erwaelde> a FB might be a tad better than the stuff I got from my ISP? 
[19:47] <willma> So, what did whoever wrote 5) have in mind? <willma> Yes, it would be better. Could to IPv6 as well <willma> but there are plenty of router projects out there <aggelos> willma: just saying, it's reallly hard to do IDS if you're not the router and impossible to protect other boxes <willma> I know. <aggelos> willma: unless you hijack the gateway ip etc [19:48] <aggelos> but that's ... problematic <willma> Can do IDS for the freedom box itself <willma> no, this has to be clean. RFCs are king :) <willma> But whoever wrote 5 must have had some idea of what they meant? <willma> Otherwise it's a bit of a pointless goal is it not? [19:49] <aggelos> willma: I'd return to sender(tm) <aggelos> willma: "too vague, explain your assumptions" <willma> sure <willma> It needs clarification of the aim <willma> However, there is no reason security auditing can't be in the remit [19:50] <aggelos> and the deployment model <aggelos> willma: again, home users <willma> E.g. check local machines firewalls, nessus scan with traffic lights on the result <willma> sure, but information is power. <aggelos> they just won't know what to do w/ a security report, no matter how dumbed down <aggelos> willma: but feel free to prove me wrong :) [19:51] <willma> true, but I don't think that's not a reason not to <willma> It could hook into routers and other devices <willma> but then that requires the ISP to allow SNMP access, telnet access or what have you <willma> My main reason for picking that up was to look at the freedom box integrity and checking [19:52] <aggelos> willma: snmp is useless for ids purposes? <willma> IDS, antivirus, auditing, integretiy checks etc <aggelos> willma: and telnet interfaces are not even close to standardized ime <willma> Limit use <willma> No, so it's have to be customised per device <willma> limited use on the snmp <aggelos> heh [19:53] <aggelos> that's not really realistic <willma> As I say, I'll give it some though. 
I only volunteered 90 minutes ago :) <willma> no, its not <willma> So, michiel_unhosted, that goal needs some clarification as to what it means <willma> What did the author have in mind? [19:54] <aggelos> it sucks that I'm only shooting down ideas btw <willma> Given the freedombox is not a rooter <willma> No, aggelos not at all <willma> I see the faults too <michiel_unhosted> willma ok, your lead :) <michiel_unhosted> i'll put that remark in my email <willma> Come up with ideas then see if they stick <aggelos> michiel_unhosted: will you CC the list please? <willma> michiel_unhosted: On a positive note, I'll look at Freedombox integrity as part of 5 [19:55] <michiel_unhosted> i will do better than that, i will To: the list :) <michiel_unhosted> yes, i already wrote that. <aggelos> :) <ehj> willma, here are some old ideas on another project, something might be fun: http://euwiki.org/Propensities/Free_Infrastructure [19:56] <ehj> willma, maybe some links at the bottom can even be useful [19:57] <willma> I'll review, thanks ehj <willma> got to go for a while. bbl <ehj> willma, thanksm byt <ehj> willma, thanks bye [19:58] *** willma ([email protected]) has quit: Quit: willma ERC> /names #freedombox *** Users on #freedombox: clstaudt and1bm seadog_ nesciens guybrush thomy twur phaidros drwhax tg michiel_unhosted zx81 ian_brasil_ lukisi ehj redarrow GNUtoo|laptop djbclark dxld qualiabyte e3i8 jonas mono000333 erwaelde nicoman ErkanYilmaz1 aggelos ram0 josef|rumba unicron javaanse_jongens skhaen ailo_ hossi mfb mikepark egh kaner amiller micah HerraBRE rtdos crc peddie kelsoo holloway anarcat WinterMute pickan craSH persia aevin irvee ludens sstangl openfly qubitsu tmarble anibal *** Users on #freedombox: dilinger mjj29 cmn OdyX zumbi_ <michiel_unhosted> email sent. i have to leave now! 
[20:00] <amiller> cheers <michiel_unhosted> please correct any errors/bias in the email <michiel_unhosted> i didn't always understand/follow everything that was being said, so it is likely that parts of my email are plainly in contradiction with what was actually said - wherever this is the case, please correct. [20:02] <michiel_unhosted> http://lists.alioth.debian.org/pipermail/freedombox-discuss/2011-February/000480.html <michiel_unhosted> have to run now, bye! [20:03] <erwaelde> received. Thanks for all the effort! <erwaelde> Bye *** michiel_unhosted ([email protected]) has left channel #freedombox: #freedombox
