21 Apr
2014
21 Apr
'14
12:28 a.m.
http://www.nytimes.com/2014/04/21/us/us-promotes-network-to-foil-digital-sp…
lets apply for some of that USAID to fight spying at home?
David
21 Apr
21 Apr
5:29 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon 21 Apr 2014 12:28:46 AM PDT, David Keenan wrote:
http://www.nytimes.com/2014/04/21/us/us-promotes-network-to-foil-digital-sp…
lets apply for some of that USAID to fight spying at home?
This article is seriously disturbing. I didn't realize OTI was
promoting mesh networks as a secure alternative to the Internet. In the
Middle East. Maybe someone from the Commotion team is on this list and
wants to speak to the actual goals of the project and ways in which the
messaging around it could have been miscommunicated by the NYT?
I think it's really important we all understand and emphasize to new
folks that mesh networks are not by default more secure than other
kinds of networks, though they are more resilient. This is why we have
monthly cryptoparties at sudo, so we can teach good end-user security
hygiene. We can further level up by promoting the use of more
trustworthy services, such as Riseup for email and OwnCloud for
storage, on the mesh splash page or some such.
One bonus point for SudoWRT is that it uses wlan-slovenija's
tunneldigger, routing all connections on the public network through a
VPN. So actually, our mesh will be more anonymous (insofar as being
unable to pin an IP to a specific identity) than most networks. Mitar,
do you know of other networks using tunneldigger?
We are also not funded by the State Dept.
- --
Jenny
http://jennyryan.net
http://sudomesh.org
http://thevirtualcampfire.org
http://technomadic.tumblr.com
`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
"Technology is the campfire around which we tell our stories."
- -Laurie Anderson
"Storytelling reveals meaning without committing the error of defining
it."
-Hannah Arendt
"To define is to kill. To suggest is to create."
- -Stéphane Mallarmé
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
5:37 p.m.
+1 Jenny, thanks David for the share.
Note that the term VPuN ("Virtual Public Network") is apt here to highlight
that security is not necessarily some inherent feature of networks, like
what Jenny notes about mesh networks generally and the People's Open
Network specifically. From our docs:
'The term "Virtual Public Network" or VPuN has roots in GNUnet
https://gnunet.org/gnunet-vpn and is situated in this historical piece
http://www.isaca.org/Journal/Past-Issues/2001/Volume-3/Pages/Virtual-Privat….
TunnelDigger technically qualifies as "Virtual Private Network" software
(with a major lapse in not actually providing access control mechanisms as
is the point of most VPN software), but this "private" term is more generic
than we can be (see https://en.wikipedia.org/wiki/VPN#Unencrypted_tunnels).
Instead, we have opted for a socially and historically situated alternative
that is both more descriptive and mission-consistent with sudo mesh's work
and the values behind the People's Open Network: *Virtual Public Network
(VPuN)*.' - https://sudoroom.org/wiki/Mesh/Diagrams#Network_Topology_Diagram
// Matt
On Mon, Apr 21, 2014 at 5:29 PM, Jenny Ryan <tunabananas(a)gmail.com> wrote:
5:54 p.m.
Hi!
(with a major lapse in not actually providing access
control mechanisms as
is the point of most VPN software),
Just to be clear, this is deliberate design decision. We believe in Unix
philosophy of small components which you then combine into whatever you
want. Tunneldigger provides a virtual wire between devices. How you want
to authenticate that wire should not be a concern of copper.
You can use standard IPSec for both access control and encryption. This
is why it is layer 2. So that you can build upon that in any way you want.
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
5:38 p.m.
On Mon, Apr 21, 2014 at 5:29 PM, Jenny Ryan <tunabananas(a)gmail.com> wrote:
“The technology is built from the ground up to be resistant to outside
snooping,” Mr. Meinrath said...
I wonder what he was referring to. If he was referring to mesh networking
as used by OTI as the article implies then he's either an idiot or an
asshole.
Yes. Though it is so far less anonymous from inside the local mesh (we're
working on this). Also, we should emphasize that this is not a good
anonymity solution and that people should use Tor. For those who may be new
to sudomesh: The only real purpose of the tunneldigger VPN is to make it
much more likely that the mesh organization will be contacted about abuse
complaints instead of the individual sharing their Internet connection.
5:58 p.m.
Hi!
There is one more nice side effect: you can limit donated bandwidth by
hosts in both directions, inbound and outbound. This is nice because it
is often a concern of people hosting nodes that their whole bandwidth
will be consumed. By using a tunnel you can assure that only as much as
they allow is.
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
6:12 p.m.
On Mon, Apr 21, 2014 at 05:38:02PM -0700, Marc Juul wrote:
If I had to guess, he's referring to OTI's port of Serval's Distributed
Numbering Architecture to Commotion. Has some cjdns like features where
basic crypto is built into the addressing.
There should be a disclaimer a mile long on this assertion.
3:55 p.m.
On Sun 27 Apr 2014 03:43:22 PM PDT, brad gaffney wrote:
Hey so it's two part:
1. After the node is finished flashing (the green lights are no longer
moving up adn ddown the node), take it to the server closet and look
for an ethernet cable that has a piece of blue tape with the words node
configurator (or something like that). Connect the node to that
ethernet cable. The node's power light should turn on.
2. Go to any machine on the sudoroom network (we tend to use the
terminal that's directly opposite the server closet) and go to:
https://nodeconf.local:8080/
4:05 p.m.
New subject: node configurator
hmm ok try:
https://nodeconf.local/ (without the :8080 at the end)
On 04/27/2014 04:03 PM, brad gaffney wrote:
21 Apr
21 Apr
5:50 p.m.
Hi!
I completely agree! I am promoting mesh networks as connectivity, not
security or privacy (hey, we are running open/unencrypted wireless
networks, anybody can grow the network, but this also means that it is
easier to intercept). Teaching is the important thing. You should not be
trusting the mesh network, SudoMesh, me, you, your ISP, nobody. You
should not have to.
We had few pull requests done by other people, so probably they are
using it. I think from Berlin.
https://github.com/wlanslovenija/tunneldigger/pulls?direction=desc&page…
Otherwise I know that Ninux from Italy is using similar topology, but
they are using or have been at least using their own tunneling solution:
http://blog.ninux.org/tag/udp-encapsulation/
We were using this topology using VPN servers from beginning, but were
using OpenVPN. This limited throughput. Then Ninux proposed to use
in-kernel solution (this really improves performance) using one hackish
layer 3 solution (in my opinion, overloading iptables hooks). I think
they are reinventing the wheel a bit, but I didn't manage to convince
them to do layer 2 and use existing kernel code. :-) Read the thread
from here on:
http://lists.freifunk.net/pipermail/wlanware-freifunk.net/2010-April/002546…
(It is an interesting read to know how the idea developed.)
So we did our own version.
To say, both their development and ours were funded by Google through
GSoC. :-) (We got one spot this year again, more work on nodewatcher!)
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
22 Apr
22 Apr
7:43 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am one of the Commotion developers, and believe me, we are not
impressed with the framing of this (and the original) NYT piece. We
all breathed a collective sigh of relief when we noticed they at least
didn't mention the "internet in a suitcase".
We also took particular issue with the idea that we couldn't disclose
where Commotion was deployed. The answer is India and Tunisia. We've
been very public about both of them. We contacted the author with this
correction but so far no changes have been made.
I am not in any way involved with the outreach for the project, but
this kind of hyped up press has been an ongoing concern for us, which
is why we added an explicit warning label to our downloads page:
http://commotionwireless.net/download/routers/
Better security is in our road map, and yes, it is largely in
collaboration with Serval (which we currently only use for signing
routes and service advertisements). We have spent a great deal of time
with security experts but few of our planned security measures have
actually been implemented. These are hard problems to solve, made ten
times harder with wireless, and ten times harder than that with mesh.
To that end, after the article came out, we immediately put up a blog
post about the current state of security and our general road map:
http://commotionwireless.net/blog/2014/04/21/commotion-and-security/
You are right to be skeptical of the Times article. And our goal is
definitely not to put activists in harm's way with overhyped claims of
security. If you have other concerns, feel free to bring them up in
the Commotion discuss list, or on our IRC channel, or stop by the
office if you find yourself in DC (warning: it gets stupid hot here
during the summer).
We definitely welcome your criticism, input, and especially your pull
requests ;)
We're only a small part of the community -- we don't want to make
anyone else's jobs harder because we get bad press.
On 04/21/2014 08:29 PM, Jenny Ryan wrote:
- --
Grady Johnson
Open Technology Institute | New America Foundation
@geekwrights
D6AE 65CE 141B 8DBC 7B5F 99AA 6BCC 0833 8B28 833B
21 Apr
21 Apr
9 p.m.
Hi!
One more on this topic:
http://venturebeat.com/2014/04/21/were-approaching-the-post-internet-age-yo…
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
4057
days inactive
4063
days old
14 comments
9 participants
participants (9)
-
brad gaffney -
David Keenan -
Grady Johnson -
Isaac Wilder -
Jenny Ryan -
Marc Juul -
Matthew Senate -
Max B -
Mitar