[Freedombox-discuss] Sunday HackFest
Hello,
On 02/20/2011 07:59 PM, Michiel de Jong wrote:
> People are still actively discussing the 7 goals set by the
> freedomboxfoundation in the IRC channel, but I have to leave, so as
> promised, here is a little round-up email of today's Sunday Hackfest. This
I take the liberty to post my log of the irc channel to the list.
Is there an official log place?
Cheers,
Erich
[Sun Feb 20 2011]
*** You have joined channel #freedombox [13:23]
*** Topic for #freedombox: http://wiki.debian.org/FreedomBox |
https://alioth.debian.org/projects/freedombox/
*** #freedombox: topic set by ChanServ!services at services.oftc.net, 16:41:39
2011/01/12
*** Users on #freedombox: erwaelde mirsal_ nicoman ehj pabs julianoliver
ErkanYilmaz1 Bugsbane aggelos michiel_unhosted ram0 Michaelblizek
josef|rumba sardonic bochecha unicron javaanse_jongens milk mono000333
skhaen ailo_ hossi mfb mikepark egh kaner amiller micah HerraBRE rtdos crc
peddie kelsoo holloway anarcat WinterMute pickan craSH persia aevin irvee
ludens sstangl openfly qubitsu tmarble anibal dilinger mjj29 cmn OdyX
zumbi_
*** #freedombox modes: +nt
*** #freedombox was created on Friday 2010/08/06 04:22:49 PM
*** mirsal_ (~mirsal at sal69-2-78-192-146-25.fbxo.proxad.net) has quit: Remote
host closed the connection [13:27]
*** mirsal_ (~mirsal at sal69-2-78-192-146-25.fbxo.proxad.net) has joined channel
#freedombox
*** Bugsbane (~user at bas2-oshawa95-1242505642.dsl.bell.ca) has quit: Ping
timeout: 480 seconds [13:34]
*** qualiabyte (~qualiabyt at 184.233.105.235) has joined channel #freedombox
[13:45]
*** julianoliver (~julian at 160.Red-88-2-199.staticIP.rima-tde.net) has quit:
Read error: Connection reset by peer
*** milk (~milk at 94-193-93-226.zone7.bethere.co.uk) has quit: Quit: baaaiiii
[13:54]
<kaner> so the tor project is building a hardware-based relay version, its
called `torouter' [14:04]
<kaner> similar requirements like freedombox
<kaner> i thought you'd find this interesting: http://pastebin.com/qf32Ug7f
[14:05]
*** Bugsbane (~user at bas2-oshawa95-1242505642.dsl.bell.ca) has joined channel
#freedombox [14:09]
<ehj> hi, i'm so happy for fbx, just want to say telekompinnen was
conceptualised 2 years ago
http://euwiki.org/Propensities/Free_Infrastructure :-) [14:19]
*** mirsal_ (~mirsal at sal69-2-78-192-146-25.fbxo.proxad.net) has quit: Ping
timeout: 480 seconds [14:25]
*** mono000333 (~mono00033 at 91.79.92.121) has quit: Ping timeout: 480 seconds
[14:26]
*** mono000333 (~mono00033 at 91.79.111.190) has joined channel #freedombox
[14:27]
*** bochecha (~bochecha at n219078053217.netvigator.com) has quit: Ping timeout:
480 seconds [14:32]
*** endian7000 (~endian700 at 64.134.103.20) has joined channel #freedombox
[14:34]
*** nesciens (~nesciens at ip82-139-84-66.lijbrandt.net) has joined channel
#freedombox
*** jonas (~jonas at host81-141-93-96.wlms-broadband.com) has joined channel
#freedombox [14:39]
*** jonas (~jonas at host81-141-93-96.wlms-broadband.com) is now known as
Guest2019
*** Guest2019 (~jonas at host81-141-93-96.wlms-broadband.com) is now known as
jonas [14:41]
*** e3i8 (~ericking at cpc1-camd8-0-0-cust107.hari.cable.virginmedia.com) has
joined channel #freedombox [14:52]
*** qualiabyte (~qualiabyt at 184.233.105.235) has quit: Ping timeout: 480
seconds [14:55]
*** qualiabyte (~qualiabyt at 184.233.105.235) has joined channel #freedombox
[14:56]
*** nesciens (~nesciens at ip82-139-84-66.lijbrandt.net) has quit: Quit: Leaving.
[15:05]
*** nesciens (~nesciens at ip82-139-84-66.lijbrandt.net) has joined channel
#freedombox [15:06]
*** bochecha (~bochecha at n219078053217.netvigator.com) has joined channel
#freedombox [15:11]
*** phitoo_ (~philippe at dpc6747121246.direcpc.com) has joined channel
#freedombox [15:12]
<endian7000> to paraphrase Michiel and his epic Observer Effect... why is this
room so quiet? [15:22]
*** michi_ (~michi at 178-191-226-27.adsl.highway.telekom.at) has joined channel
#freedombox [15:23]
<endian7000> anyone ready to rumble?
*** michi_ (~michi at 178-191-226-27.adsl.highway.telekom.at) has quit: Quit:
Leaving [15:28]
*** ehj (~ehj at 88.147.15.175) has quit: Remote host closed the connection
[15:29]
*** Michaelblizek (~michi at 188-22-100-108.adsl.highway.telekom.at) has quit:
Read error: Operation timed out
<michiel_unhosted> yes, sorry [15:40]
<endian7000> howdy
<michiel_unhosted> i'm ready :)
<endian7000> * rumbling *
<endian7000> is there a wiki page with (city -> (person, skillz,
interests)-list) yet? [15:41]
* michiel_unhosted revving up the engines ;)
*** dxld (~DanielG at chello212186033116.406.14.vie.surfer.at) has joined channel
#freedombox
<endian7000> there should be -- local meetups/hackathons are fun and
productive [15:42]
<michiel_unhosted> so what i think we can do is maybe see who wants to look
into which of the seven goals today
*** djbclark (djbclark at 208-78-97-186.slicehost.net) has joined channel
#freedombox
<michiel_unhosted> 1) Safe social networking, 2) Secure backup, 3) Network
Neutrality, 4) safe anonymous browsing, 5) home network
security, 6) encrypted email, 7) private voice communications
- ref. http://www.freedomboxfoundation.org/goals/
*** GNUtoo|laptop (~gnutoo at host68-143-dynamic.54-79-r.retail.telecomitalia.it)
has joined channel #freedombox [15:43]
<michiel_unhosted> i will start by looking into how far diaspora is with the
facebook integration, for 1).
<endian7000> 1, 2, 6 here [15:44]
<michiel_unhosted> the secure backup can i think be a cronned rsync?
<GNUtoo|laptop> hi, just for knowing, what's the starting point? take luci
configuration and web interface of openwrt and port it to
debian?
<endian7000> I was thinking a system-integrated app [15:45]
* GNUtoo|laptop was on #freedombox on freenode and thought we were doomed
because there was nearly nobody and the channel was not active
<endian7000> to back up a mac, for example, use FSEvents for better
performance
<endian7000> there are lots of complementary subsets of work here [15:46]
<endian7000> am I missing some here? https://github.com/tafa/tafa/wiki
<bochecha> michiel_unhosted, fwiw, I suggested it earlier but let's reiterate
just in case: there's one FOSS facebook equivalent that isn't
listed on the wiki page called Friendika. I haven't tested it
myself, but it seems pretty advanced already and might be worth
looking at
<michiel_unhosted> bochecha there are roughly 30 FOSS facebook equivalents
[15:47]
<michiel_unhosted> diaspora, friendika, statusnet, appleseed, and many more
<bochecha> michiel_unhosted, they already have a federation protocol though,
just like what Diaspora is still trying to implement [15:48]
<endian7000> http://identi.ca/jancborchardt is aggregating FOSaaS links
<endian7000> http://libreprojects.net/ and
https://jancborchardt.titanpad.com/libreprojects
<GNUtoo|laptop> hmmm does diaspora use xmpp?
<endian7000> should we use that term? FOSSaaS? it sounds cool
<michiel_unhosted> yeah, i like FOSSaaS as a term [15:49]
<michiel_unhosted> diaspora does not use xmpp, although there is i think a
fork that does
<endian7000> with social, people seem to be focusing on
information-propagating systems [15:50]
<michiel_unhosted> basically, i think there is xmpp federation and OStatus
federation
<endian7000> that's important, but I want to focus on the silent aggregation
parts instead
<endian7000> and then integrate a propagation system
*** pabs (~pabs at d122-104-112-53.per9.wa.optusnet.com.au) has quit: Quit: Don't
rest until all the world is paved in moss and greenery.
<endian7000> silent-social: you have one node/page per person [15:51]
<endian7000> and as you use LinkedIn/Twitter/Meetup/..., the HTTP responses
get parsed and imported
<endian7000> and you can explicitly add notes, public key fingerprints...
[15:52]
<endian7000> it could be an address book + extra info
<endian7000> hmm, there are only a few of right now [15:53]
<endian7000> maybe we should introduce ourselves and what we want to work on?
<endian7000> michiel?
<michiel_unhosted> yes, sorry
<michiel_unhosted> you are describing a project called silent-social now,
right?
<endian7000> a project idea -- it doesn't exist [15:54]
<michiel_unhosted> ah
<michiel_unhosted> Safe social networking, in which, without losing touch with
any of your friends, you replace Facebook, Flickr, Twitter
and other centralized services with privacy-respecting
federated services;
<endian7000> "social-agg" would be better...
<michiel_unhosted> i think diaspora is already a social aggregator project
<michiel_unhosted> and the goal says we need at least facebook, flickr and
twitter. [15:55]
<michiel_unhosted> twitter is easy, flickr can't be that hard either i think
*** redarrow (~thomas at 188.40.154.38) has joined channel #freedombox
<michiel_unhosted> privacy-respecting federated services is also easy, there
are many of those around [15:56]
<michiel_unhosted> so i think the part to focus on there is a read/write
client for facebook
<michiel_unhosted> 8 days ago someone said on diaspora-dev that this should
work in diaspora now. so my question would be: is there
anything else that aims to be, or include, a facebook client?
[15:58]
<endian7000> not sure -- I'm no facebook expert [15:59]
<michiel_unhosted> or, otherwise, is there anything in diaspora that makes it
unfit for using it as [a basis for] the solution for goal 1)
<michiel_unhosted> me neither ;)
<endian7000> the code and UX was dreadful
<endian7000> but they're probably better now
<endian7000> *were [16:00]
<michiel_unhosted> we'll see.
<michiel_unhosted> my goal for today is install diaspora, test facebook
integration, and report back about it.
<endian7000> cool
<endian7000> my dev goal is to make progress on tafa-media and tafa tools
<michiel_unhosted> would you agree that that would be a sensible first step
for goal 1)?
<endian7000> yes [16:01]
<michiel_unhosted> cool, what does the name stand for?
<endian7000> maybe we should have a titanpad with what we're doing / notes
<endian7000> TAFA: temporary acronym for a freedom box attempt [16:02]
<endian7000> https://github.com/tafa
<endian7000> https://github.com/tafa/tafa/wiki
<michiel_unhosted> ok.
<endian7000> titanpad? http://titanpad.com/3LsfCMplSR [16:03]
<michiel_unhosted> anybody else here feel like hacking?
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2011-February/000473.html
<endian7000> brb coffee [16:05]
<michiel_unhosted> i'll stop editing the titanpad while the other person
organises the goals list :) [16:06]
<dxld> about goal 6(encrypted email), is the fb supposed to act as a mail
server that transparently en/decrypts mail so the user can retrieve
decrypted mail directly from the fb?
<michiel_unhosted> i understand it as installing a pgp-capable webmail service
on it [16:08]
<dxld> ah
<endian7000> back [16:09]
<endian7000> right: tafa-mail :)
<michiel_unhosted> dxld (and other people) do you want to work on one of the 7
points today?
<dxld> im just looking at what i could do [16:10]
<michiel_unhosted> ok cool! good to have you here :) apart from you, so far
it's endian7000 and me, i think
<dxld> do we have any restraints on what tools should be used?
<michiel_unhosted> here is what i wrote about this "Sunday Hackfest" effort:
trying to hack together an experimental version of the
freedombox in a virtual server image, with whoever wants to
join in. The starting point will be this:
http://pagekite.net/community/DebianFB/ (open
freedombox.20101010.tar, inside there is an image that you
can open with Oracle VM VirtualBox) and the goals will be
this: http://www.freedomboxfoundation.org/goals/
<dxld> ruby/php/node ..?
<endian7000> I think we should have these constraints:
https://github.com/tafa/tafa/wiki [16:11]
<endian7000> so dozens of apps can share a NodeJS process
<michiel_unhosted> there is a constraint to *try* to use existing debian
packages wherever possible
<dxld> right
<endian7000> and be awesomely efficient
<michiel_unhosted> although
<michiel_unhosted> talking about web apps changes this, i think
<endian7000> are y'all familiar with NodeJS and why it's awesome? [16:12]
<endian7000> 2009 slides:
http://s3.amazonaws.com/four.livejournal/20091117/jsconf.pdf
<dxld> endian7000: absolutely!
<michiel_unhosted> :)
<endian7000> :)
<endian7000> are you familiar with CoffeeScript? [16:13]
<endian7000> and Express?
<dxld> i heard of it but never felt like playing with it
<dxld> i've been working with node.JS for quite a while, so i know all the
usual stuff ;) [16:14]
<endian7000> :)
<endian7000> I think it should be _this_ easy to write apps:
https://github.com/tafa/tafa-media/blob/master/app.coffee
<endian7000> I need to clean up/release the tool I made for running apps like
that... [16:15]
<dxld> but i still don't entirely get what we are trying to do now..
<endian7000> different things
<endian7000> michiel is researching the state of (diaspora, facebook
integration)
<dxld> do we want to build everything on top of node or use existing stuff
that uses php/ruby or whatever?
<endian7000> I want to build on node [16:16]
<endian7000> some want to package existing stuff
<dxld> well me too ;) but that is just a really huge effort
<endian7000> what projects are you interested in?
<michiel_unhosted> i think we shouldn't be talking about writing node apps for
stuff that already exists in debian [16:17]
<dxld> building stuff like webmail, mesh networking on top of node when there
are already projects that do this
<michiel_unhosted> so webmail, probably exists in debian
<michiel_unhosted> so then we shouldn't write a new webmail program
<dxld> endian7000: CouchDB, GNUNet, Node, stuff like that
<endian7000> which webmail apps are in debian? [16:18]
<endian7000> cool
<dxld> michiel_unhosted: i was thinking we could use SquirrelMail
<dxld> they have a PGP plugin
<michiel_unhosted> great!
<endian7000> SquirrelMail is PHP [16:19]
<dxld> mhm :/
<michiel_unhosted> so let's not spend much more time on that one today now
then
<endian7000> it doesn't use any client-side JS
<michiel_unhosted> endian7000 that's not the point
<michiel_unhosted> the point is whether it is a debian package or not
<michiel_unhosted> now, if we find that there are things that don't exist
<dxld> endian7000: i don't like it either, but it does the job ;)
<michiel_unhosted> then that's where we start coding
<michiel_unhosted> and it is already in debian
<michiel_unhosted> i think
<endian7000> one goal: have as awesome as possible a distro in a few months
[16:20]
<endian7000> which means writing awesome frontend apps
<endian7000> dxld: any specific things you want to hack on now? [16:21]
<endian7000> http://titanpad.com/3LsfCMplSR [16:22]
<dxld> i'm not sure yet ^^
<dxld> is the secure backup supposed to backup files or stuff like contact
info ? [16:23]
<endian7000> files, maybe more [16:24]
<dxld> mhm
<erwaelde> I envision secure backup as something like tahoe-lafs, see:
http://tahoe-lafs.org/
<endian7000> cool [16:25]
<erwaelde> A system of containers spread among the FB systems, where files are
stored encrypted. Default values: everything is loaded to 10 nodes,
with 3 functional of them data can be recovered.
<erwaelde> Encryption is done on the client side, so someone else can never
see the data in clear text. [16:26]
<dxld> does tahoe scale space wise?
<erwaelde> I don't know. I have made an attempt to install it on a few boxes
of mine, but that's all. [16:27]
<dxld> i mean when you have 200 freedom boxes with 10GB of storage and you
distribute that to 10 other nodes how is that ever going to work?
<michiel_unhosted> endian7000 i don't agree with you on the goal of having an
as awesome as possible distro in a few months. i think we
should stick to debian wherever possible
<endian7000> sorry, I should have said "suite of apps"
<erwaelde> This means that 90% or more of my local disk is used as storage for
others.
<erwaelde> That's the price for regaining my data after loss of the local box
for whatever reason.
<dxld> right [16:28]
<javaanse_jongens> flashblock [16:29]
<javaanse_jongens> ops
<javaanse_jongens> wrong win again
<erwaelde> IMHO this is not for my music collection, videos, images, but maybe
for smaller but more important snippets of data
<dxld> true, but there is a lot of potential for abuse in providing storage to
others [16:31]
<endian7000> with client-side encryption, users could use S3
<erwaelde> Certainly. It seems that tahoe-lafs was designed as well to store
my stuff in some provider's cloud, but disabling them to see it in
clear. [16:32]
<erwaelde> The use of S3 might be shut down. That is much harder with 200
nodes distributed over the planet. [16:33]
<endian7000> so the whole sharing thing could be an unnecessary distraction
from encryption, {Mac,Win,Lin}-integration, and other aspects...
<endian7000> true
<erwaelde> That's what I gather from Eben Moglen's presentations
*** willma (~willma at 165.214.187.81.in-addr.arpa) has joined channel
#freedombox [16:35]
<endian7000> for those joining us now: http://titanpad.com/3LsfCMplSR [16:37]
*** bochecha (~bochecha at n219078053217.netvigator.com) has quit: Quit: Leaving
[16:41]
<michiel_unhosted> gnunet, good point [16:43]
<michiel_unhosted> that had sunk to the back of my memory
<dxld> it doesn't work yet but i really like it anyways
<dxld> well the file sharing service doesn't work yet [16:44]
<HerraBRE> Hello! Better late than never :)
<dxld> hey
*** endian7000 (~endian700 at 64.134.103.20) has quit: Quit: endian7000
<michiel_unhosted> hi! [16:45]
<michiel_unhosted> http://titanpad.com/3LsfCMplSR
<willma> I take it the pad is free update? [16:46]
<willma> So just add stuff that might fit the bill?
<HerraBRE> It seems you guys are duplicating somewhat the work on the wiki -
is that deliberate?
<willma> Which page HerraBRE? [16:48]
<michiel_unhosted> that may have been me, sorry
<HerraBRE> moment, looking for the link :)
<willma> Is the coffee JS thing the language to be used for the interface/GUI?
[16:49]
<HerraBRE> http://wiki.debian.org/FreedomBox/ExampleProjects
<HerraBRE> That has a lot of resources listed for various tasks.
<michiel_unhosted> willma that is a suggestion of endian7000, but in general,
we are looking at building the whole thing from debian
packages [16:50]
<willma> including the web gui? an out of the box solution?
<michiel_unhosted> well, yes, sort of [16:51]
*** endian7000_ (~endian700 at 64.134.103.20) has joined channel #freedombox
<michiel_unhosted> for instance, SquirrelMail is already a web gui
<endian7000_> back -- did I miss much?
<willma> but then you have OS configuration
<michiel_unhosted> what do you mean by that?
<willma> Sure use established, stable, secure apps for the actual work aspect,
but there needs to be system glue [16:52]
<willma> webmin probably isn't suitable :)
<HerraBRE> willma: but could it be a useful beginning, and then skinned and
cleaned up?
<michiel_unhosted> willma i wouldn't necessarily say there needs to be glue
* michiel_unhosted agrees with HerraBRE [16:53]
<HerraBRE> I was trying to remember the name of webmin, knew it existed :=
<HerraBRE> :)
<endian7000_> there needs to be one web app interface
<endian7000_> with /app-commons
<willma> I agree with endian7000_
<endian7000_> where you can browse/search apps and install them with one click
<endian7000_> and /configure where you can see your hardware topology [16:54]
<endian7000_> (e.g. an picture of a hard drive with a line to your third
sheevaplug)
<endian7000_> and you can tell it to format and use the drive
<HerraBRE> I agree that something like that will need to exist at some point.
Not sure if it needs to be the first thing done, but perhaps in
parallel. Question is whether anything exists already or if it is
easier to write from scratch. [16:55]
<endian7000_> and yes, you're sure
<endian7000_> scratch! scratch! scratch!
<dxld> endian7000_: +1
<willma> From scratch I think. I'm not aware of anything suitable OTS
<willma> However, is it needed from day 1? Who is the target for the unit?
[16:56]
<willma> I'd recommend Perl or maybe Ruby for the glue. There are already a
load of system integration modules available. Could even use Puppet
<WinterMute> webmin is pretty complex [16:57]
<willma> Too complex I'd argue. And potentially insecure
<HerraBRE> An admin interface is insecure by default :) [16:58]
<HerraBRE> I mean, that's its job.
<willma> If the target of this project is really those who have a lot to lose
through access to the device the attack surface needs to be tiny
<erwaelde> given the latest ruby packaging withdrawals, I'd prefer perl.
<endian7000_> insecure by default? how?
<endian7000_> HTTPS
<HerraBRE> Perl is much more mature. It's uglier, but there is a massive
amount of support for it.
*** veosotano (~veosotano at 89.131.202.114) has joined channel #freedombox
<endian7000_> and in the box, there's a sheet of paper
<willma> I agree with that
<HerraBRE> endian7000_: what I mean, is an admin interface has superuser and
reconfigures the entire device.
<endian7000_> with the HTTPS fingerprint
<endian7000_> ah, yes [16:59]
<endian7000_> but that's probably in the interest of most users
<willma> Admin interface needn't have root/super user to all the system
<endian7000_> at least to get started
<veosotano> hello all
<endian7000_> howdy
<HerraBRE> So saying webmin is insecure is silly, is all.
<HerraBRE> you can put a password and https around it just like anything else.
<endian7000_> veosotano: collaborative notes @ http://titanpad.com/3LsfCMplSR
[17:00]
<endian7000_> yes
<willma> HTTPS uses its own web server, it runs as root/has root equivalency
<willma> s/HTTPS/webmin/
<HerraBRE> That is a good basic design. [17:02]
<HerraBRE> Separate it from other web-things.
<willma> But then it relies on its own security rather than that of a larger
project. I think webmin is too complex for this project's audience
anyway [17:04]
<veosotano> excuse my ignorance, but I'm quite new to this project... could
anyone explain to me in 1 sentence what FreedomBox is about?
<veosotano> is it an Operating System?
<erwaelde> otano> is it an Operating System? [17:05]
<erwaelde> ERC>
<HerraBRE> veosotano: A debian-derived Linux distribution, suitable for
embedded plug-style computers designed to provide the services
people need to enhance privacy and provide a private alternative to
cloud-based services.
<HerraBRE> Is my understanding.
<ErkanYilmaz1> veosotano, see also http://en.wikipedia.org/wiki/FreedomBox
<WinterMute> veosotano: http://freedomboxfoundation.org/goals/
<erwaelde> More like a set of packages than a distribution. [17:06]
<HerraBRE> erwaelde: Calling it a distribution is probably the most clear way
to explain, even if you could cherry-pick things from it and merge
into other systems.
<veosotano> and is Unhosted a part of FreedomBox? just aligned goals?
collaborating foundations? [17:07]
<WinterMute> isn't the target audience non tech/non geek?
<HerraBRE> WinterMute: yes. Which just means the hardware vendor pre-installs
the distro for you, and the distro tries to be really easy to use.
[17:08]
<michiel_unhosted> veosotano the two projects are unrelated, although both
were inspired by Eben Moglen [17:09]
<veosotano> ah ok :)
<michiel_unhosted> unhosted is a small piece in a bigger puzzle
<michiel_unhosted> freedombox is another piece.
<veosotano> its a bigger movement, then [17:10]
<veosotano> about decentralizing the internet
<endian7000_> and TAFA is another piece: an attempt to write lots of awesome
web apps that run well on a FB
<endian7000_> https://github.com/tafa/tafa/wiki
<veosotano> am I right?
<michiel_unhosted> veosotano yes :) exactly
<HerraBRE> veosotano: yes, I think that's pretty accurate :)
<endian7000_> yes
<willma> That's why I'm here veosotano :) [17:11]
<veosotano> :D [17:12]
*** lukisi (~lukisi at 195.81.18.210) has joined channel #freedombox [17:13]
<willma> How is security in general being addressed? What standards are to be
adhered to? [17:14]
<michiel_unhosted> hi lukisi, welcome - if you're here to hack, see
http://titanpad.com/3LsfCMplSR
<michiel_unhosted> i am looking into goal 1, specifically, i'm trying to find
out to what extent diaspora solves the facebook integration.
[17:15]
<willma> I'm happy to start to look at OS platform security. It doesn't seem to
be addressed anywhere [17:17]
<lukisi> Hi all
<veosotano> hi
<michiel_unhosted> willma cool! that would fall under number 5, i think?
[17:18]
<michiel_unhosted> or what do you call OS platform security?
<willma> If the device itself is considered 'home'
<willma> Making sure the unit is safe, secure and can be trusted
<michiel_unhosted> it's debian [17:19]
<willma> So audit, logging, integrity checks
<willma> The running system
<michiel_unhosted> ah
<willma> Not the source
<michiel_unhosted> that makes sense
<michiel_unhosted> intrusion detection, that sort of thing, right?
<michiel_unhosted> is there a debian package for that?
<willma> yes
<willma> apparmor or SELinux
<willma> They have... overheads though
<willma> Also, whether VServer/OpenVZ would be useful for segregation [17:20]
<michiel_unhosted> i hear ya
<michiel_unhosted> ok, so even though it's not strictly part of goal 5, we can
file it under goal 5 i guess. good luck and have fun! :)
[17:21]
<willma> Thanks, I will :D
<endian7000_> how about a (city --> (person, skillz, interests)-list) page?
<endian7000_> http://titanpad.com/jJ7Y6xtT8d
<endian7000_> local meetups and hackathons can be fun and productive [17:22]
<michiel_unhosted> willma add yourself to the titanpad under 'What we're
working on now / progress notes'
<willma> I have an idea of spawning containers and configuring them using
puppet. [17:23]
*** Schlomo (~Steff at 81-234-111-32-o279.telia.com) has joined channel
#freedombox [17:24]
<willma> I think it might be a little out of scope for this work, but it would
certainly provide security
<willma> It's just everything else would have to fit around it
<michiel_unhosted> would it?
<endian7000_> you mean like how startups deploy to VMs?
<HerraBRE> willma: that sounds a tad heavy for a plug computer :)
<willma> I guess so. But locally
<willma> Shouldn't be
<willma> the containers offer very little overhead [17:25]
<willma> I think I'll file it in the to be investigated pile for now :)
<willma> I'll look at security and integrity and other number 5 stuff.
<michiel_unhosted> willma cool!
<willma> Gives me an excuse to go out and buy an ALIX or Sheeva plug :D
[17:26]
<endian7000_> there was a 4-week delay when I got my SheevaPlug
<michiel_unhosted> what do people think of gnunet?
<michiel_unhosted> does it solve point 3, network neutrality? [17:27]
<michiel_unhosted> i think you would need a wifi mesh for that, right?
<michiel_unhosted> otherwise you always have a single point of failure, being
your isp [17:28]
<dxld> GNUNet can operate on a wifi mesh
<michiel_unhosted> dxld yes, that's what i'm thinking
<michiel_unhosted> establish a wifi mesh
<michiel_unhosted> to solve point 3
<willma> Is it stable yet?
<veosotano> what's a wifi mesh?
*** ehj (~ehj at cust-212-160-108-94.dyn.as47377.net) has joined channel
#freedombox
<endian7000_> gtg -- I'll be back later today
<dxld> nope
<michiel_unhosted> then run gnunet to solve point 4, about anonymous
publishing [17:29]
<dxld> rather unstable (some parts of it at least)
*** endian7000_ (~endian700 at 64.134.103.20) has quit: Quit: endian7000_
<willma> And is its security proven?
<willma> Because I think for this project anything that isn't stable and
proven should be rejected from the first version
<michiel_unhosted> or fixed :)
<dxld> i don't know. [17:30]
<michiel_unhosted> is there a proven anonymous publishing tool?
<willma> tor, i2p, freenet have all been around for some time and are pretty
well understood
<dxld> there are some papers about GNUNet
<michiel_unhosted> more than gnunet?
<willma> Is fixing other projects' shortfalls our goal? Because I'd say while
we can file bugs against them we can't fix them so could end up
waiting on the upstream
<michiel_unhosted> willma but fixing an existing project is better than
creating a new one from scratch [17:31]
<michiel_unhosted> i don't know,we'll see
<willma> Sure, I agree with that. I'm just wary the gnunet is still new
[17:32]
<HerraBRE> I really like Tor. I've met with multiple people from the project,
and they are smart and dedicated.
<willma> new is nice and shiny but I'd rather have something stable and well
proven.
<HerraBRE> And they have funding.
<michiel_unhosted> HerraBRE could you use Tor, without anything on top of it,
to anonymously publish something? [17:33]
<HerraBRE> yes
<HerraBRE> that is what hidden services do
<michiel_unhosted> and is there a hyperlinked web of such services?
<willma> I thought they were just anonymous end points?
<redarrow> willma: at least with tor there are issues/problems with the
government of germany and other parts of the european union
<HerraBRE> redarrow: Not for publishing.
<HerraBRE> Basically a tor hidden service is just a TCP/IP service. [17:34]
<dxld> redarrow: what problems?
<willma> redarrow: in what way/
<willma> ?
<HerraBRE> Exit nodes are difficult to run in some countries, as the traffic
exiting may get you in trouble.
<willma> Which means you can't upload it.. freenet provides a service like
that
<Schlomo> with a wifi mesh. It still has to go through a gateway to an ISP
right. Is there a way around that?
<willma> Ah, okay HerraBRE I see. That's why I don't run an exit node!
<HerraBRE> willma: Yes, it's not a distributed cloud, you have to actually
host it yourself and be reachable. [17:35]
<HerraBRE> Tor only provides anonymity, but it does so both for publishing and
network use.
<HerraBRE> Because obviously one of the TCP/IP services you can run is a
webserver.
<HerraBRE> And if you carefully make sure it doesn't leak info about where you
are and who you are (watch out for dates, time zones, software
versions etc) you can publish things in an untraceable way.
[17:36]
<michiel_unhosted> HerraBRE so for the goal "Safe anonymous publication:
Friends or associates outside zones of network censorship can
automatically forward information from people within them,
enabling safe, anonymous publication", do we need anything
but Tor?
<HerraBRE> For that you need more, you need Tor + mirrors.
<lukisi> I do not know TOR personally. So I am wondering, what does it mean
that OperaTor proved to be not able to circumvent censorship in
Libya?
<willma> That's far too risky I think HerraBRE - some information might just
want to be passed on
<HerraBRE> I think if you want censorship resistant publishing, you need more
than Tor. [17:37]
<HerraBRE> That is not the same goal as anonymous publishing :)
<dxld> GNUNet has censorship resistant publishing ;)
<willma> So does freenet
<michiel_unhosted> and what about i2p? [17:38]
<HerraBRE> I don't know i2p, I think it is very similar to Tor.
<willma> i2p doesn't exit to the public Internet does it?
<willma> There is another option - something like anonet
<nicoman> i2p is more scale ... and freenet is java :S too heavy to plug
<HerraBRE> http://www.i2p2.de/how_networkcomparisons
<willma> yeah, java does kind of put a spanner in the works [17:39]
<dxld> https://gnunet.org/compare
<nicoman> hi!!! :) y don't speak english... sorry :(
<nicoman> only can read
<willma> i2p is java too [17:40]
<willma> I think for the publish part gnunet looks like the best option
[17:42]
<willma> For connectivity out to the public internet via protect means, tor
looks like the best option [17:43]
<willma> IMHO of course
<HerraBRE> Was it deliberate to leave out *non-anonymous* publishing from the
todo list?
<HerraBRE> or should that fall under social networking? [17:44]
<HerraBRE> ... or social networking fall under something more generic like
"non-anonymous communication/publishing"?
<willma> I like the latter HerraBRE [17:46]
<HerraBRE> If FreedomBoxes are supposed to help people "leave the cloud", they
will need to provide alternatives to what people use the cloud for.
And that's a lot of non-anonymous communication. :)
* HerraBRE edits the pad
*** Mixhael (~Ilja at ip21-245-210-87.adsl2.static.versatel.nl) has joined
channel #freedombox [17:48]
<willma> Does freedom extend to DRM bypass?
*** lukisi (~lukisi at 195.81.18.210) has quit: Ping timeout: 480 seconds
<erwaelde> Not necessarily, imho. [17:50]
<michiel_unhosted> willma there is a risk of scope bloat here.
*** lukisi (~lukisi at 195.81.18.210) has joined channel #freedombox
<willma> As ever with everything :) What in particular? [17:51]
*** willma (~willma at 165.214.187.81.in-addr.arpa) has left channel #freedombox:
#freedombox
*** willma (~willma at 165.214.187.81.in-addr.arpa) has joined channel
#freedombox
<michiel_unhosted> would DRM bypass be an 8th goal? [17:52]
<willma> I mention it as it depends what 'Freedom' means
<michiel_unhosted> referring to http://www.freedomboxfoundation.org/goals/
<nicoman> open hardware = 8th goal :)
<willma> I don't know if it's something we should aim for early on, but should
it be on the radar?
<willma> Would it be setting the project up as a target for Big Business
*** ian_brasil_ (~ialawren at 187.116.126.106) has joined channel #freedombox
<michiel_unhosted> willma ah, ok. i have no opinion about that
<willma> I personally think in the world of Freedom with a capital F it's
important (well, the issue as a whole is). For this project, I think
it's something best avoided as it is a hot potato [17:53]
*** Schlomo (~Steff at 81-234-111-32-o279.telia.com) has quit: Quit: Lämnar
<willma> As it's not elicited a stream of support forget I said anything ;)
[17:54]
<HerraBRE> I'm not sure how it applies anyway, DRM bypass generally happens on
the device where you have access to the media or are playing it.
FreedomBoxes will generally do neither, they would just provide
dumb storage and sharing capabilities. Which are related, but
simpler.
<willma> It's a tool that could provide a function. Strip DRM on the storage
[17:55]
<willma> It's a freedom issue is all I meant
<HerraBRE> sure :)
<willma> right, gotta go. bbl [17:56]
*** willma (~willma at 165.214.187.81.in-addr.arpa) has quit: Quit: willma
<HerraBRE> Something vaguely related, is that if a device helps with backups -
say you plug a giant hard drive into your FB and it then takes
backups of your laptops and mobile phones etc. automatically. Then
a killer feature is to auto-compile and expose a media library from
the backed up data.
<HerraBRE> A lot of interesting personal data mining can happen on a device
which does smart backups, this is one such example. [17:57]
*** Bugsbane (~user at bas2-oshawa95-1242505642.dsl.bell.ca) has quit: Ping
timeout: 480 seconds
<HerraBRE> None of the cloud guys can provide such features because of privacy
concerns and not wanting to be RIAA targets. But a FreedomBox
could totally rock that sort of thing.
<michiel_unhosted> contribution by gbraad, who can't be on IRC right now: "tor
is not very useful in china without bridges but still
preferred solution."
<HerraBRE> It would be very nice if FreedomBoxes could easily be made into
bridges :) [17:58]
<HerraBRE> I wonder if Tor's centralized directory stuff will melt if a
million FreedomBoxes start connecting. :) [18:00]
<michiel_unhosted> sorry, i had to learn what Tor bridges are before i could
answer that. after reading
https://www.torproject.org/docs/bridges my answer is yes :)
<redarrow> HerraBRE: probably, but the main point for tor is not the bridge I
think. There are more difficulties with the exit point, because
there are less than entry points and that's why tor is right now
terribly slow
<HerraBRE> redarrow: that's not what I've heard from the Tor people, they've
told me they have plenty of exit bandwidth. [18:01]
<michiel_unhosted> but can you also use a web that's entirely within Tor,
without exiting?
<HerraBRE> michiel_unhosted: yes
<michiel_unhosted> HerraBRE so then you can publish anonymously? [18:02]
<HerraBRE> redarrow: but bridges to provide access circumventing great
firewalls is something they always need more of.
<HerraBRE> michiel_unhosted: yes, but your server has to stay up for the
content to be reachable.
<michiel_unhosted> that's where the FreedomBox comes in :)
<HerraBRE> redarrow: Tor is by nature always going to be slow because of all
the extra hops.
<michiel_unhosted> it would be desirable to mirror, obviously
<michiel_unhosted> as you said earlier [18:03]
<michiel_unhosted> sorry, my brain is a bit behind on the discussion ;)
<redarrow> HerraBRE: if you are lucky the connection is fast but most times
you are right you have to cope with one very slow node in the
middle
*** clstaudt (~Adium at f053216108.adsl.alicedsl.de) has joined channel
#freedombox [18:04]
<michiel_unhosted> welcome back clstaudt
<clstaudt> hi @all
<michiel_unhosted> http://titanpad.com/jJ7Y6xtT8d describes what we think
about each of the seven goals
<michiel_unhosted> we're currently discussing the anonymous publishing one
[18:05]
<michiel_unhosted> (goal number 4)
<clstaudt> sure it's the right link? document starts with name/handle
<clstaudt> skillz
<clstaudt> interests
<HerraBRE> http://titanpad.com/3LsfCMplSR [18:06]
<clstaudt> thanks
<michiel_unhosted> ah sorry [18:11]
<michiel_unhosted> brb
*** michiel_unhosted (~michiel at 77.228.77.112) has left channel #freedombox:
#freedombox
<redarrow> Tor is already implemented in the 'freetz' project (Project to work
with (nearly) every fritz!box router) (German Page:
http://freetz.org/wiki/packages/tor) unfortunately there is no
english one, as there is no german Overview of how tor works ...
[18:12]
<redarrow> wow, have I missed something? [18:14]
*** seadog (~seadog at athedsl-31451.home.otenet.gr) has joined channel
#freedombox [18:15]
<amiller> there's so much to read [18:16]
*** zx81 (~chatzilla at 188-126-68-189.cust.vpntunnel.org) has joined channel
#freedombox
<amiller> today is a hackfest? that's exciting
<seadog> hello everybody
<dxld> hi
<zx81> hey there [18:17]
<redarrow> hi
*** michiel_unhosted (~michiel at 77.228.77.112) has joined channel #freedombox
*** Mixhael (~Ilja at ip21-245-210-87.adsl2.static.versatel.nl) has quit: Quit:
Mixhael [18:18]
<clstaudt> how can encrypted e-mail become really, really easy to use?
<aggelos> err, what are the criteria for choosing between
{free|}gnunet|i2p|tor?
<aggelos> do you guys want a darknet or anonymous publication on the existing
internet? [18:19]
<aggelos> tor seems to me as the obvious choice for the latter [18:20]
<aggelos> clstaudt: take key management out of the picture?
<amiller> i just installed tor and did a 'proof of concept' use case of an
anonymous publication, i think
<amiller> i want to explain what i did so any of you can tell me if i did it
wrong [18:21]
<redarrow> aggelos: for me too, but is there a way to encrypt the .onion
Service?
<aggelos> redarrow: https?
<redarrow> aggelos: something like that, but as I see this is not implemented
yet
<aggelos> but in any case, iirc there are powerful attacks against tor hidden
services [18:22]
*** Mixhael (~Mixhael at ip21-245-210-87.adsl2.static.versatel.nl) has joined
channel #freedombox
<aggelos> redarrow: where do you see that? [18:23]
<michiel_unhosted> aggelos the definition is "Safe anonymous publication:
Friends or associates outside zones of network censorship can
automatically forward information from people within them,
enabling safe, anonymous publication" [18:24]
<HerraBRE> The net neutrality stuff actually implies Tor or something similar
- a fallback alternate route when ISPs block ports. That's a
different goal though. [18:25]
<michiel_unhosted> amiller great! i'll write a report of our findings to the
mailing list, later. send me a snippet that i can include
<amiller> thank you :]
<amiller> michiel_unhosted i'm a huge fan of your unhosted page, i think
that's the most important idea, although i've been reading about a
whole lot of important ideas here in the last day
*** tg (~tg at irc.tgbit.net) has joined channel #freedombox [18:26]
<aggelos> HerraBRE: uhhh, being forced to have 2 orders of magnitude greater
latency hardly qualifies as restoring network neutrality... :)
<zx81> amiller: there are lots of projects so interesting to see where
freedombox fits in.
<HerraBRE> aggelos: it's better than nothing.
<aggelos> michiel_unhosted: yah, is that enough? or do you want people inside
the censorship zone to be able to access that publication?
<aggelos> HerraBRE: absolutely [18:27]
<michiel_unhosted> amiller thank you! take into account that unhosted is only
one of the projects that make up the 'decentralized web'
revolution. it's a piece in a bigger puzzle
<aggelos> HerraBRE: but the description seems very optimistic
<HerraBRE> Using off-the-shelf components, I think tor may be the only
solution at the moment that can accomplish that particular goal of
circumventing port blocks. But a custom written tool for just that
(without the anonymity) would be much more efficient.
<HerraBRE> Mr. Moglen is nothing if not an optimist :) [18:28]
<redarrow> aggelos: the hidden service test page says something "the web site
does not support encryption for the page you are viewing"
<zx81> michiel_unhosted: i believe the trick is to make things so easy that
there is mass adoption.
<aggelos> redarrow: sounds like you're trying to talk https to an http port :)
<michiel_unhosted> zx81 the trick to what? [18:29]
<michiel_unhosted> s/to/for
<zx81> michiel_unhosted: i.e. blocking a niche service would not raise
eyebrows, whereas blocking the internet does
<redarrow> aggelos: No, I just wanted to find out if it might be possible to
use https instead of http for the last hop to the destination
<aggelos> redarrow: https is end-to-end and yes you can use it [18:30]
<zx81> michiel_unhosted: if a decentralized and heavily censorship-resistant
'web' can weave itself into the very fabric of the internet, so popular
apps/services are built on top of it, makes it much harder to shut down
without people complaining [18:31]
<michiel_unhosted> zx81 dictators still block things, despite their mass
adoption. but mass adoption is obviously where we're aiming
at :) [18:32]
<aggelos> michiel_unhosted: still, if you have mass adoption, you /prevent/
mass surveillance, so that's something [18:33]
<michiel_unhosted> the only way to be safe from dictators, is wifi mesh, i
think
<michiel_unhosted> and a dynamo to generate your own power ;) [18:34]
<aggelos> and your own private army, yes :)
<amiller> the steps i took to make a pseudonymous post were: 1) install tor,
vidalia, privoxy, configure according to their website, 2) use
firefox and torbutton, and audit myself through panopticlick 3)
register a hushmail account 4) make an account with twitter 5) make
a post - my analysis: the hushmail account i don't consider
secure, but all i care is that it isn't linked back to me, i
[18:35]
<amiller> found vidalia very pleasant to use, and i like the idea of auditing
tools like panopticlick and i hope we make more things like that
- can someone tell me if i missed an obvious step and should use a
different layer somewhere
<aggelos> amiller: did you use https: to connect to twitter? :) [18:36]
<redarrow> amiller: have you used a dedicated browser for your tor session?
[18:37]
<amiller> i used a dedicated browser, a fresh firefox in privacy mode
<aggelos> redarrow: torbutton is supposed to take care of things like that
<redarrow> for example you use ie for daily stuff and firefox ONLY for tor
related connections
<amiller> redarrow: that's precisely right, i use chrome for everything and
only installed firefox for this [18:38]
<redarrow> aggelos: but there are security issues - so if you want to be
really sure ...
<zx81> aggelos: are there any successful community or commercially based wifi
meshes to study and learn from? what's the hook to get people adopting
a freedombox? might have to sell the box to charities and NGOs to
promote.
<zx81> aggelos: 'sell' as in selling the idea.
*** phaidros (~phaidros at 188.40.166.29) has joined channel #freedombox
*** phaidros (~phaidros at 188.40.166.29) has left channel #freedombox:
#freedombox
*** drwhax (~drwhax at 178.21.20.207) has joined channel #freedombox
<aggelos> redarrow: if you're aware of such security issues please let us know
so we can report them and/or fix them [18:39]
<redarrow> zx81: that's the same question which comes into my mind as well I
just was not fast enough to write it down
<aggelos> redarrow: I mean I'm aware of some, but iirc they're pretty minor
*** seadog (~seadog at athedsl-31451.home.otenet.gr) has quit: Remote host closed
the connection
<aggelos> zx81: freifunk
<amiller> aggelos: if i did not use https, would my first hop, from my laptop
to the tor entry node, be unencrypted?
<aggelos> zx81: but afaik it's not an ad-hoc mesh, so the answers you'll get
by studying them are not always relevant [18:40]
<aggelos> amiller: no, the last hop
<redarrow> aggelos: one is that if you start torbutton while you have visited
a website you have to refresh this site (you get a message window
which points to the bug and this is more than one year old)
<aggelos> redarrow: yup
<amiller> aggelos: then I think it's OK as long as my goal was to make a post
that could not be linked to me, even if i don't care that it gets
snooped because it's essentially a 'public' 'pseudonymous' message
*** phaidros (~phaidros at 188.40.166.29) has joined channel #freedombox [18:41]
*** sardonic (~sardonic at c-24-10-84-112.hsd1.ca.comcast.net) has quit:
<amiller> however i imagine it's hard to specify exactly what your goals and
needs are, because everyone's situation will be a little different
<michiel_unhosted> bad news about point 1: diaspora doesn't have a read/write
client for facebook. you need to register your node on
facebook dev to get an api key for your domain. that's very
hard to automate and it's likely that facebook would stop us
registering millions of api-partners (one per end-user)
http://groups.google.com/group/diaspora-dev/browse_thread/thread/29170f19c47c4c96/2d0499ad96aa6eed
<aggelos> amiller: but your login credentials can be sniffed by someone
running a malicious exit node
<amiller> aggelos: i see, that makes sense [18:42]
<aggelos> amiller: I'm assuming you won't be creating a different identity for
each tweet ;)
<amiller> even if i was going to do that (it was my original plan here) i
would be vulnerable to someone impostoring me if it's easy to see my
login credentials [18:43]
<aggelos> hmm, this discussion is a bit all over the place. which is fine and
appropriate really, but I'm not sure what has already been talked
about :)
*** glo (~seadog at athedsl-134584.home.otenet.gr) has joined channel #freedombox
<michiel_unhosted> so will have to try something ourselves, at least for now
<aggelos> amiller: there wouldn't be a "you", you'd be tweeting stuff
independently
<aggelos> michiel_unhosted: err, that's not realistic
<aggelos> well [18:44]
<aggelos> a /lot/ of the goals are very optimistic, just saying that 1) is the
most optimistic of them ;)
<michiel_unhosted> you think?
<aggelos> michiel_unhosted: why not try to keep it simple, stupid and get
something useful in the next couple of months [18:45]
<aggelos> michiel_unhosted: I'm positive
<michiel_unhosted> without the facebook-exit, you mean?
<aggelos> michiel_unhosted: there's no way in hell facebook will play along
<michiel_unhosted> aggelos i would propose a Levin search
<aggelos> michiel_unhosted: yah
<redarrow> amiller: your message is encapsulated in many layers. One for each
hop. So every hop does only know the IP it comes from and the IP it
goes to, but the Exit Node has to decrypt your message before it can
be sent to the webserver, so he will know your username and
password if you don't use https
<michiel_unhosted> ah, sorry, i wasn't thinking facebook would play along of
course [18:46]
<aggelos> michiel_unhosted: what does the levin search have to do with
anything?
<michiel_unhosted> sorry, it was a joke
<aggelos> kk
<michiel_unhosted> i meant to say we work on each of the 7 points at the same
time
*** phitoo_ (~philippe at dpc6747121246.direcpc.com) has quit: Quit: Konversation
terminated! [18:47]
<michiel_unhosted> then if one of them fails, the others will still not be
delayed, or at least not by more than a constant factor
[18:48]
<aggelos> michiel_unhosted: imho any given goal is too big atm, so a bit of
focus might help. that goes for each one of us individually, not for
the group discussion of course
<aggelos> ...
<aggelos> people <--- .... ---> math [18:49]
*** glo (~seadog at athedsl-134584.home.otenet.gr) has quit: Remote host closed
the connection
<aggelos> just saying that people will work on what they, personally, find
interesting, so I'd much rather everyone focused on that and just
presented an action plan for review/input [18:51]
<zx81> aggelos: agree. diversity of projects will be good for
cross-pollination. [18:53]
*** twur (~twur at 74-131-161-158.dhcp.insightbb.com) has joined channel
#freedombox [18:56]
*** willma (~willma at 165.214.187.81.in-addr.arpa) has joined channel
#freedombox
<michiel_unhosted> i am focussing on #1 of www.freedomboxfoudation.org/goals
now. this may help
http://www.my-guides.net/en/guides/linux/141-how-to-monitor-your-facebook-profile-in-linux
[18:58]
*** veosotano (~veosotano at 89.131.202.114) has left channel #freedombox:
#freedombox
<willma> Just how paranoid/security conscious does a FreedomBox need to be?
<michiel_unhosted> willma i would say "quite" [18:59]
<willma> Are we targeting oppressed peoples in oppressive regimes as a number
one aim, or is this more about getting off the cloud and preserving
western democratic ideals?
<willma> Thing is, if I were a citizen of an oppressive regime I'd want to
make damned sure that the freedombox would never expose me. Ever.
[19:00]
<aggelos> michiel_unhosted: indeed, you'd still be relying on facebook for
availability, wouldn't you?
<michiel_unhosted> yes, but you would just be like a client app.
*** thomy (~thomy at p54820437.dip0.t-ipconnect.de) has joined channel
#freedombox
<willma> That is very different from those in a cosy western democracy who
have some form of due process, a stable legal system and so on
<aggelos> michiel_unhosted: ... [19:01]
<michiel_unhosted> imagine you use tweetdeck to read and write your twitter
<willma> The security requirements are very different
<aggelos> michiel_unhosted: did you watch eben moglen's fosdem talk? I think
he addresses that quite explicitly :)
<michiel_unhosted> but it's only during the transition, right?
<aggelos> michiel_unhosted: transition to what? [19:02]
<michiel_unhosted> to a free social network.
<willma> There is no transition.
<willma> You leave facebook
<michiel_unhosted> the thing is, if you are on a free social network, and your
friends are not, then you will be very lonely
<aggelos> michiel_unhosted: yah, I'd rather focus on getting /that/ on the
horizon
<aggelos> michiel_unhosted: yup. and I don't think there's a way around that
that involves cooperation w/ facebook [19:03]
<aggelos> I was in the xmpp dev room a while ago
<aggelos> one of the guys that started it made a very good point
<michiel_unhosted> it explicitly says "without losing touch with any of your
friends"
<aggelos> they had something that could replace aim/aol/icq etc perfectly well
[19:04]
<aggelos> and 10 years later, people are /still/ using them for regular text
IM'ing
<aggelos> so I don't think there was an issue with getting your buddy list out
of aim/icq/whatever [19:05]
<erwaelde> In the Debconf 2010 talk, there is explicit mention of aggregator
sw, such that messages of my friends on facebook are collected
through the same client channel as messages of my friends on
elsewhere. That's why I wrote the message on the mailing list.
<michiel_unhosted> but the handy thing is you can have an aggregator client
like pidgin that speaks all of the above
<aggelos> michiel_unhosted: and people still stay on the same old
pimps^Wsocial networks [19:06]
<erwaelde> plus the new stuff, i.e. sending my message to my friends
FreedomBox directly.
*** nesciens (~nesciens at ip82-139-84-66.lijbrandt.net) has quit: Quit: Leaving.
<willma> but they have to want to leave FB. You can't wean people off it. It's
not a drug.
<aggelos> erwaelde: aww, come on, now you're moving the discussion to the
abstract again ;) [19:07]
<aggelos> j/k
*** jdeisenberg (aa5b0504 at ircip2.mibbit.com) has joined channel #freedombox
<michiel_unhosted> i think erwaelde is right
*** seadog_ (~seadog at athedsl-134584.home.otenet.gr) has joined channel
#freedombox
<willma> Those who require anonymity, security, will use a tool that provides
it
<aggelos> willma: and it will be useless
<willma> Why?
<aggelos> willma: encryption is useless if only a handful of people are using
it [19:08]
<willma> Yes
<aggelos> in a totalitarian state, it just makes you a target
<willma> But we're not trying to change the world directly here are we?
<erwaelde> Iff the new stuff is cooler, people will move. If it's just "more
private and secure" then I do not expect many to move over. I try
this discussion regularly in my workplace :-)
<willma> That's well beyond the scope of this project.
<aggelos> willma: no, but what you're suggesting has been tried and failed
<willma> what's the measure of failure? [19:09]
<aggelos> willma: I have tons of technical acquaintances and yet /nobody/ uses
gpg
<aggelos> so it's close to useless for secure communication
*** guybrush (~patrick at 93-82-55-199.adsl.highway.telekom.at) has joined
channel #freedombox
<erwaelde> we are trying to re-establish, what the net was before the
"internet", decentralized, immune against the loss of nodes, not
controllable ... [19:10]
<erwaelde> Nothing short of that.
<aggelos> err
<aggelos> was it ever like that? [19:11]
<erwaelde> It was much less controlled by our all ISPs.
<aggelos> turning it off was always just as easy
*** clstaudt (~Adium at f053216108.adsl.alicedsl.de) has quit: Quit: Leaving.
<willma> I think lofty aims are fine but how about the ground work first?
[19:12]
<willma> I also am a little concerned that the goals of a project protecting
those in oppressive regimes are not the same as a project that is
aiming to help people get off the cloud [19:13]
<willma> Can any free webmail client compete with gmail? No.
<aggelos> willma: good point, but they can be reconciled, can't they? [19:14]
<willma> At some point
<erwaelde> I live happily without gmail. So is that the goal, compete with
gmail?
<aggelos> willma: are you talking about the UI or the spam filtering? [19:15]
<willma> However, the security requirements for case A (oppressive regime) are
very, very different from case B (off the cloud)
<aggelos> erwaelde: absolutely, I'd say
<redarrow> erwaelde: me too as well as facebook ... But that's me
<willma> UI, spam filtering, availability, security
*** nesciens (~nesciens at ip82-139-84-66.lijbrandt.net) has joined channel
#freedombox
<erwaelde> "Off the cloud" is a good first goal, because it will teach us lots
of lessons. To make the thing "oppressive proof" is much harder. I
don't think, one can get this right from the outset. [19:16]
<willma> I'm migrating away from gmail for myself and a number of other users.
How much they'll miss it I don't know.
<aggelos> willma: UI-wise I don't see anything fundamental getting in the way.
as for spam filtering... [19:17]
<willma> time
<redarrow> hmm, 1und1 (german ISP reseller) has a good webmailer as well
<willma> gmail is the best webmailer I've ever used bar none
<willma> I've used it for, what, 3 years. It's only the privacy issue that is
problematic
<willma> Otherwise it just works from everywhere [19:18]
<willma> They even do two factor auth now
<redarrow> willma: but that should every webmailer do
*** seadog_ (~seadog at athedsl-134584.home.otenet.gr) has quit: Ping timeout:
480 seconds
<willma> Yes, I agree, but they do that as a security feature. Sorry, it's a
bit unrelated to my previous points.
<aggelos> willma: except you can't really do gpg w/ a web client, can you? :)
<redarrow> if a webmailer does not work everywhere it has missed his point
meant to be
<willma> But a freedombox webmailer would be stuck at the end of an ADSL line
or even a mobile line [19:19]
<willma> erm, I mean modem
<erwaelde> "ground work": I'm currently building/testing tahoe-lafs on a
seagate dockstar. Takes some time. This isn't packages for debian.
Anyone knows if there is work in progress?
<redarrow> aggelos: you probably can use gmail accounts in your Mail Client
like Thunderbird or Outlook and there use gpg but thant of course
its not location independent [19:20]
<erwaelde> /packages/packaged/
<willma> aggelos: You can do S/MIME I would have thought?
<aggelos> redarrow: at that point I can use my regular mail server
<aggelos> willma: but you then trust the code serv
<aggelos> *ed to you by the server?
<redarrow> aggelos: right
<willma> aggelos: Can browsers sign data/ [19:21]
<willma> ?
<willma> They can certainly generate private keys
<aggelos> willma: JS is turing complete, it can do anything :)
<willma> haha, yeah
<aggelos> but then you put all your faith in the server [19:22]
<aggelos> (this could be worked around w/ browser extensions)
<willma> So, would I be safe when looking at the OS security side to assume
that the 'off the cloud' case is the primary target at the moment?
<aggelos> but to be frank, doing secure mailing at an internet cafe or at some
other untrusted box is hopeless
<willma> I mean, private keys can be generated by browser native code.
[19:23]
<willma> Very true
<aggelos> willma: not sure I get what you mean
<zx81> off-topic: Is there going to be log of this chat anywhere? I will be in
and out today but don't want to miss anything. [19:24]
<willma> I'm looking at goal 5. I want to make sure what I do is proportionate
to the platform's use
<willma> That is either 'off the cloud', in which case ease of use is >=
security. For the oppressive regime use, security is priority number
one. [19:25]
<aggelos> btw,
http://gigaom.com/2011/02/17/building-the-technology-stack-for-internet-freedom/
[19:26]
<willma> what's the US's agenda? Why fund this? [19:28]
*** seadog_ (~seadog at athedsl-29914.home.otenet.gr) has joined channel
#freedombox
<aggelos> willma: I think people here mostly agree that you want a unified
network that will be adopted for home-cloud style usage and will be
instantly available in hard times
<aggelos> willma: let's not talk politics now ;)
<willma> haha :) [19:29]
<michiel_unhosted> "2) Secure backup: Your data automatically stored in
encrypted format on the Freedom Boxes of your friends or
associates, thus protecting your personal data against
seizure or loss" - this would need a user interface that lets
you choose friends. do any of the proposed packages have
that?
<aggelos> michiel_unhosted: choosing friends is easy. it's finding them that's
the interesting part ;)
<aggelos> michiel_unhosted: and I don't know of anything that does that
<aggelos> michiel_unhosted: imho it would be a very useful building block
[19:30]
<michiel_unhosted> finding them could be out-of-band
<willma> I think I'm missing a part of this here. What's the protocol used
between freedomboxes? What does 'instantly available' mean?
<aggelos> michiel_unhosted: that reduces it to a public-key distribution
problem which we have failed to solve in the past. or not?
<aggelos> willma: meaning you're already using it. you don't have to go
searching for instructions on how to set it up when things go bad
[19:31]
<michiel_unhosted> but it's not that pressing here. if it's only for the
backups, you could send a backup request to a friend you know
from meatspace [19:32]
<willma> 'go bad'?
<aggelos> michiel_unhosted: imho you absolutely want to use meatspace friends
as backup buddies anyway
<michiel_unhosted> then the friend could phone you and give you the key, or a
password or whatever in a voice call. or even a live
face-to-face meeting
<aggelos> michiel_unhosted: solves the churn/availability problem nicely
<willma> michiel_unhosted: What about a distributed, encrypted backup? Too
slow? Too much data?
<aggelos> michiel_unhosted: ffs [19:33]
<aggelos> michiel_unhosted: gpg has demonstrated that won't happen
<aggelos> willma: too much of a research problem imo [19:35]
<aggelos> willma: there have been solutions proposed and implemented though
<aggelos> willma: http://oceanstore.cs.berkeley.edu/info/overview.html [19:36]
*** jdeisenberg (aa5b0504 at ircip2.mibbit.com) has quit: Quit:
http://www.mibbit.com ajax IRC Client
<willma> There is always encryption + cloud storage, no? Dropbox, S3 etc.
[19:37]
<aggelos> ...
<willma> It all relies on the private key being secure but
<aggelos> "availability"
<michiel_unhosted> so is there any conclusion about "4) Safe anonymous
publication: Friends or associates outside zones of network
censorship can automatically forward information from people
within them, enabling safe, anonymous publication"?
[19:38]
<willma> A distributed option is the only way then surely?
<aggelos> willma: yah, but it can be a global data store or a friendnet, I
prefer the latter b/c I think it's more straightforward to implement
[19:39]
<willma> The former doesn't require you trust a friend
<aggelos> michiel_unhosted: again, are we talking darknet or internet? I'm not
yet clear on that
*** and1bm (~andi at HSI-KBW-078-043-088-194.hsi4.kabel-badenwuerttemberg.de) has
joined channel #freedombox [19:40]
<michiel_unhosted> i don't know either :)
<dxld> aggelos: both
<aggelos> willma: yes, the former has advantages too, but w/ a tahoe-style
solution you don't need to either
<michiel_unhosted> i've copied this from the foundation's website, presumably
this has been formulated by Eben himself.
<aggelos> willma: you just depend on the fact that not all your friends will
go away at the same time
<aggelos> michiel_unhosted: eben's not jesus :) [19:41]
<aggelos> no need to start interpreting him here, we can each have our own
opinion, no? :)
<michiel_unhosted> about "5) Home network security, with real protection
against intrusion and the security threats aimed at Microsoft
Windows or other risky computers your network", i'll say
willma is looking into this [19:42]
<aggelos> dxld: well doing just the anonymous publication on the internet
thing is way easier ;)
<dxld> ^^
<willma> Yes, I'll pick that up [19:43]
<dxld> i think for now we should just use tor
<dxld> we can add a darknet later
<michiel_unhosted> do you know any debian packages for this yet?
<michiel_unhosted> or anything else i can mention in my email
<aggelos> willma: can you explain what it's about? :) not clear on that either
<willma> 5)?
<aggelos> yah [19:44]
<willma> My understanding is a firewall or alerting system
<aggelos> huh?
<aggelos> but that assumes you're the router, no?
<willma> with IDS (e.g. snort), firewall (shorewall)
<willma> yes, to a large degree
<willma> Quite frankly if you're not you're not going to see very much
<willma> nessus could be part of that
<willma> but it's an active check [19:45]
<aggelos> uhhh
<erwaelde> 5) has to do with the FB being my router.
*** Mixhael (~Mixhael at ip21-245-210-87.adsl2.static.versatel.nl) has quit:
Quit: Mixhael
<aggelos> those are admin tools
<willma> Yes
<aggelos> not that useful for home users
<willma> Depends on the UI
<aggelos> also, see HerraBRE's objections re: assuming you're the router
<aggelos> on the list
<willma> Oh, sure
<willma> this project isn't a router and the shiva plug etc only have 1 NIC
[19:46]
<willma> I will give it some thought
<erwaelde> It's useful for home users, if it prevents a single instant of
someone getting in from the outside.
<aggelos> willma: guruplug has two, and in any case most home users use wifi
*** clstaudt (~Adium at f053216108.adsl.alicedsl.de) has joined channel
#freedombox
<willma> 'Most' is not all
<aggelos> erwaelde: it just can't do that
<aggelos> willma: I know
<erwaelde> a FB might be a tad better than the stuff I got from my ISP?
[19:47]
<willma> So, what did whoever wrote 5) have in mind?
<willma> Yes, it would be better. Could do IPv6 as well
<willma> but there are plenty of router projects out there
<aggelos> willma: just saying, it's really hard to do IDS if you're not the
router and impossible to protect other boxes
<willma> I know.
<aggelos> willma: unless you hijack the gateway ip etc [19:48]
<aggelos> but that's ... problematic
<willma> Can do IDS for the freedom box itself
<willma> no, this has to be clean. RFCs are king :)
<willma> But whoever wrote 5 must have had some idea of what they meant?
<willma> Otherwise it's a bit of a pointless goal is it not? [19:49]
<aggelos> willma: I'd return to sender(tm)
<aggelos> willma: "too vague, explain your assumptions"
<willma> sure
<willma> It needs clarification of the aim
<willma> However, there is no reason security auditing can't be in the remit
[19:50]
<aggelos> and the deployment model
<aggelos> willma: again, home users
<willma> E.g. check local machines' firewalls, nessus scan with traffic lights
on the result
<willma> sure, but information is power.
<aggelos> they just won't know what to do w/ a security report, no matter how
dumbed down
<aggelos> willma: but feel free to prove me wrong :) [19:51]
<willma> true, but I don't think that's not a reason not to
<willma> It could hook into routers and other devices
<willma> but then that requires the ISP to allow SNMP access, telnet access or
what have you
<willma> My main reason for picking that up was to look at the freedom box
integrity and checking [19:52]
<aggelos> willma: snmp is useless for ids purposes?
<willma> IDS, antivirus, auditing, integrity checks etc
<aggelos> willma: and telnet interfaces are not even close to standardized ime
<willma> Limit use
<willma> No, so it'd have to be customised per device
<willma> limited use on the snmp
<aggelos> heh [19:53]
<aggelos> that's not really realistic
<willma> As I say, I'll give it some thought. I only volunteered 90 minutes ago
:)
<willma> no, it's not
<willma> So, michiel_unhosted, that goal needs some clarification as to what
it means
<willma> What did the author have in mind? [19:54]
<aggelos> it sucks that I'm only shooting down ideas btw
<willma> Given the freedombox is not a router
<willma> No, aggelos not at all
<willma> I see the faults too
<michiel_unhosted> willma ok, your lead :)
<michiel_unhosted> i'll put that remark in my email
<willma> Come up with ideas then see if they stick
<aggelos> michiel_unhosted: will you CC the list please?
<willma> michiel_unhosted: On a positive note, I'll look at Freedombox
integrity as part of 5 [19:55]
<michiel_unhosted> i will do better than that, i will To: the list :)
<michiel_unhosted> yes, i already wrote that.
<aggelos> :)
<ehj> willma, here are some old ideas on another project, something might be
fun: http://euwiki.org/Propensities/Free_Infrastructure [19:56]
<ehj> willma, maybe some links at the bottom can even be useful [19:57]
<willma> I'll review, thanks ehj
<willma> got to go for a while. bbl
<ehj> willma, thanksm byt
<ehj> willma, thanks bye [19:58]
*** willma (~willma at 165.214.187.81.in-addr.arpa) has quit: Quit: willma
ERC> /names #freedombox
*** Users on #freedombox: clstaudt and1bm seadog_ nesciens guybrush thomy twur
phaidros drwhax tg michiel_unhosted zx81 ian_brasil_ lukisi ehj redarrow
GNUtoo|laptop djbclark dxld qualiabyte e3i8 jonas mono000333 erwaelde
nicoman ErkanYilmaz1 aggelos ram0 josef|rumba unicron javaanse_jongens
skhaen ailo_ hossi mfb mikepark egh kaner amiller micah HerraBRE rtdos crc
peddie kelsoo holloway anarcat WinterMute pickan craSH persia aevin irvee
ludens sstangl openfly qubitsu tmarble anibal
*** Users on #freedombox: dilinger mjj29 cmn OdyX zumbi_
<michiel_unhosted> email sent. i have to leave now! [20:00]
<amiller> cheers
<michiel_unhosted> please correct any errors/bias in the email
<michiel_unhosted> i didn't always understand/follow everything that was being
said, so it is likely that parts of my email are plainly in
contradiction with what was actually said - wherever this is
the case, please correct. [20:02]
<michiel_unhosted>
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2011-February/000480.html
<michiel_unhosted> have to run now, bye! [20:03]
<erwaelde> received. Thanks for all the effort!
<erwaelde> Bye
*** michiel_unhosted (~michiel at 77.228.77.112) has left channel #freedombox:
#freedombox