Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sun, Jul 15, 2012 at 7:28 AM, Anders Jackson anders.jack...@gmail.com wrote:

>> i think our difference of perspective is you seem to concentrate more on how freedomboxes can communicate with each other (which i also hope will be over IPv6 and with cacert), whereas i am just investigating a different part of the same puzzle here: how to integrate with the internet and web that already exist.
>
> No, I wouldn't say that. I want to have a secure infrastructure to build FreedomBox on, which IPv6 and IPSec will give. We don't need to build stuff on IPv4 for that. It will just be ugly hacks.

My focus (for this particular project idea, not the FreedomBox in general), which I think is shared by Michiel and Markus, is to make a box that is actually useful for independent publishing of dynamic content, right now, on today's web.

The platform we target is neither IPv6 nor IPv4, it is the Web. The web is a bunch of resources referenced by URLs - whether the domain portion of the URL resolves to IPv4 or IPv6 addresses, or both, or something else entirely (.onion) is at least theoretically irrelevant.

In practical terms however, today's web is an IPv4 thing and if we aren't compatible with that, then we don't create something useful. It's that simple.

Personally, I think this is the right way forward for the FreedomBox and I think it will help achieve other goals as well. Until the box does something useful, it's a niche thing which nobody cares about. If you give folks a useful FreedomBox that is backwards compatible, then that attracts mind-share, developers and resources. And the comm infrastructure can transparently be upgraded to use newer, better, more secure networks. After all, the web stuff is just URLs, if FreedomBoxes know of better routes to reach them then we can transparently upgrade from IPv4 to IPv6 or Tor or carrier pigeons later on.

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
Michiel de Jong, Tue Jul 10 08:18:06 UTC 2012

> Hi Anders,

Hi Michiel.

> In an ideal world, yes, but in order for the freedombox to be useful for mainstream users, we have to be compatible with the current situation of the world outside, which (still) involves IPv4, DNS, browsers' white lists for CAs, etcetera

To use IPv6 with IPSec and certificates doesn't say that you shouldn't have dual stack and have IPv4 support. Actually, you need dual stack for a foreseeable time. IPv6 doesn't get rid of DNS either. Neither CAs etc etc.

BUT if we use IPv6 in FreedomBox infrastructure, we only need IPv4 enough for our IPv6 tunnel to be routed out of the user's net, if there isn't any native IPv6 from the ISP. All the problems with NAT and IPv4 can just be ignored.

If you actually do have a public IPv4 address, you should be able to use it. But more like a special case. And you could even tunnel IPv4 with thor over our encrypted IPv6 IPSec with our friends freedombox:es.

/Anders
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
Eugen Leitl, Tue Jul 10 10:21:01 UTC 2012

> On Tue, Jul 10, 2012 at 08:54:01AM +0200, Anders Jackson wrote:
>
>> And about certificates, there are not only StartSSL (https://stratssk.com), which is good but we also have CAcert (https://CAcert.org/) which should be a good infrastructure for a project like ours.
>
> Using self-signed certs with a STEED-like trust approach would be fine. Supplementing it with a FOAF web of trust even better.

CAcert are as good infrastructure as StartSSL.

/Anders
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
I can't understand why so many are so locked into one public IP address per home, when we at least can have 2^64 different addresses if we use IPv6. And with some certificates we can even encrypt communication between sites. We also don't need to handle NAT (in any other way but to get out of the IPv4 net).

These small devices would work great as IPv6 routers for your home network.

And I also can't understand that people are so worried about the low performance of the ARM-computers we have now. If there are problems, just run on an x86 computer. Or when we are getting started with something to distribute, the performance would be double that of the current ARM-computers (at least).

And about certificates, there are not only StartSSL (https://stratssk.com), which is good but we also have CAcert (https://CAcert.org/) which should be a good infrastructure for a project like ours.

/A Jackson
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
Hi Anders,

In an ideal world, yes, but in order for the freedombox to be useful for mainstream users, we have to be compatible with the current situation of the world outside, which (still) involves IPv4, DNS, browsers' white lists for CAs, etcetera.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Tue, Jul 10, 2012 at 08:54:01AM +0200, Anders Jackson wrote:

> And about certificates, there are not only StartSSL (https://stratssk.com), which is good but we also have CAcert (https://CAcert.org/) which should be a good infrastructure for a project like ours.

Using self-signed certs with a STEED-like trust approach would be fine. Supplementing it with a FOAF web of trust even better.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
i appreciate that we as power users can use those things, but our goal with freedombox is to make something for 'normal' people. If you visit https://g10code.com/steed.html using for instance Chrome, you get a big page saying you are under attack and this domain is unsafe. In Firefox it's grey, but it's still a scary page. Did you see that?

Therefore, even though i'm also very much against the politics of the CA system we have, I think these alternatives are not an option (yet) (unfortunately).

On Tue, Jul 10, 2012 at 1:21 PM, Eugen Leitl eu...@leitl.org wrote:

> On Tue, Jul 10, 2012 at 08:54:01AM +0200, Anders Jackson wrote:
>
>> And about certificates, there are not only StartSSL (https://stratssk.com), which is good but we also have CAcert (https://CAcert.org/) which should be a good infrastructure for a project like ours.
>
> Using self-signed certs with a STEED-like trust approach would be fine. Supplementing it with a FOAF web of trust even better.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 10 July 2012 13:44, Michiel de Jong mich...@unhosted.org wrote:

> i appreciate that we as power users can use those things, but our goal with freedombox is to make something for 'normal' people. If you visit https://g10code.com/steed.html using for instance Chrome, you get a big page saying you are under attack and this domain is unsafe. In Firefox it's grey, but it's still a scary page. Did you see that?

The above site works fine for me in firefox.

Sorry for being a bit slow, I'm trying to understand the pagekite proposal better. Is it based on a user's own certificate, or some other certificate, or a proxy?

> Therefore, even though i'm also very much against the politics of the CA system we have, I think these alternatives are not an option (yet) (unfortunately).
>
> On Tue, Jul 10, 2012 at 1:21 PM, Eugen Leitl eu...@leitl.org wrote:
>
>> On Tue, Jul 10, 2012 at 08:54:01AM +0200, Anders Jackson wrote:
>>
>>> And about certificates, there are not only StartSSL (https://stratssk.com), which is good but we also have CAcert (https://CAcert.org/) which should be a good infrastructure for a project like ours.
>>
>> Using self-signed certs with a STEED-like trust approach would be fine. Supplementing it with a FOAF web of trust even better.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Tue, Jul 10, 2012 at 11:44 AM, Michiel de Jong mich...@unhosted.org wrote:

> i appreciate that we as power users can use those things, but our goal with freedombox is to make something for 'normal' people. If you visit https://g10code.com/steed.html using for instance Chrome, you get a big page saying you are under attack and this domain is unsafe. In Firefox it's grey, but it's still a scary page. Did you see that?

Actually, to clarify - this particular project, to build a FreedomBox which is helpful in the context of today's web is obviously only a subset of what the FreedomBox project itself is about.

We don't mean to co-opt the FreedomBox and turn it into something else, but we wonder whether we could build something obviously useful for specifically the "be independent on the web" scenario which Eben Moglen was talking about at the very beginning (his message changed over time, especially as the Arab Spring unfolded).

Perhaps we should call the box something else to avoid confusion?

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Tue, Jul 10, 2012 at 11:56 AM, Melvin Carvalho melvincarva...@gmail.com wrote:

> On 10 July 2012 13:44, Michiel de Jong mich...@unhosted.org wrote:
>
> Sorry for being a bit slow, I'm trying to understand the pagekite proposal better.

Please don't call it a pagekite proposal. The initiative came from Markus and Michiel, and pagekite is only a (potential) part of it.

> Is it based on a user's own certificate, or some other certificate, or a proxy?

Are you asking for a description of how PageKite works?

The ultra-short summary is that PageKite defines a protocol and software which lets a web server connect to or become part of the web, even if it doesn't have a public IP. It does so using an encrypted tunnel to a specialized reverse proxy.

The reverse proxy can do helpful things such as terminate incoming SSL connections with a wild-card certificate, before re-encrypting the traffic that travels over the tunnel.

Alternately, PageKite can also proxy end-to-end HTTPS traffic which is more secure (the relay cannot see or modify the traffic stream) but harder to set up (the origin web server needs its own domain and certificate).

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
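Added example, not part of the original message and not PageKite's own code: a sketch of how a relay can forward end-to-end HTTPS without seeing the traffic, by reading only the server name (SNI) that the browser sends unencrypted in its TLS ClientHello. Routing by SNI is an assumption here, and the route table, host names and sample bytes are constructed.

```python
class NotClientHello(ValueError):
    """The first bytes of the connection are not a parsable TLS ClientHello."""


class _Reader:
    """Bounds-checked cursor over untrusted bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise NotClientHello("truncated")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size):
        # A TLS vector: a length prefix of len_size bytes, then that many bytes.
        return self.take(self.uint(len_size))

    def remaining(self):
        return len(self.data) - self.pos


def extract_sni(first_bytes):
    """Return the SNI host name, or None if the client sent none.

    Simplification: assumes the ClientHello fits in the first TLS record.
    """
    rec = _Reader(first_bytes)
    if rec.uint(1) != 0x16:                 # record type: handshake
        raise NotClientHello("not a handshake record")
    rec.take(2)                             # record-layer version
    hs = _Reader(rec.vector(2))
    if hs.uint(1) != 0x01:                  # handshake type: ClientHello
        raise NotClientHello("not a ClientHello")
    hello = _Reader(hs.vector(3))
    hello.take(2 + 32)                      # client version, random
    hello.vector(1)                         # session id
    hello.vector(2)                         # cipher suites
    hello.vector(1)                         # compression methods
    if hello.remaining() == 0:
        return None                         # no extensions at all
    exts = _Reader(hello.vector(2))
    while exts.remaining():
        ext_type = exts.uint(2)
        ext_data = _Reader(exts.vector(2))
        if ext_type != 0x0000:              # 0 = server_name
            continue
        names = _Reader(ext_data.vector(2))
        while names.remaining():
            name_type, name = names.uint(1), names.vector(2)
            if name_type == 0:              # 0 = host_name
                try:
                    return name.decode("ascii").lower()
                except UnicodeDecodeError:
                    raise NotClientHello("non-ASCII host name")
    return None


# Hypothetical table: host name -> tunnel of the box that registered it.
ROUTES = {"blog.example.org": "tunnel-1"}


def route(first_bytes):
    """Decide what the relay does with a new connection on port 443."""
    try:
        name = extract_sni(first_bytes)
    except NotClientHello:
        return ("reject", "not TLS")
    if name is None:
        return ("reject", "no SNI")         # clients without SNI cannot be routed
    if name not in ROUTES:
        return ("reject", "unknown host")
    # The relay copies bytes verbatim from here on; it holds no key material.
    return ("forward", ROUTES[name])


def build_client_hello(hostname):
    """Constructed sample input: a minimal ClientHello, with or without SNI."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name
        sni = len(entry).to_bytes(2, "big") + entry
        exts = b"\x00\x00" + len(sni).to_bytes(2, "big") + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
             + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
             + len(exts).to_bytes(2, "big") + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

The host name is the only thing such a relay learns from the handshake; a relay that terminates SSL with a wild-card certificate instead holds the key and can read the stream.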
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Tue, Jul 10, 2012 at 12:08 PM, Melvin Carvalho melvincarva...@gmail.com wrote:

> Thanks for the explanation. In practical terms, where, typically would/could this reverse proxy run?

There are a few options:

1) A commercial provider (e.g. my pagekite.net service)
2) A VPS or home server with a public IP (so a friend could run it)
3) A grassroots organization of volunteers

Of these 1) and 2) are real today, 3) is not. For out-of-the-box instant gratification and user-friendliness, 1) and 3) are realistic options, I tend to think 2) is not.

Also note that 3) is IMO not a realistic option for clear-text traffic, because there are significant risks of abuse by malware authors and other nasty folks who would just love to volunteer to inject crap into your websites.

> One of the fundamental motivations for freedombox is for a user to keep their own logs. Therefore, if I've understood correctly, trust in the reverse proxy would need to be paramount?

Your web server logs stay on your web server. :-)

PageKite as written does not log much when running as a relay, it even obfuscates IP addresses before writing to its log. It does not log the contents of a stream.

Of course, anyone could hack the code and add more snooping, but that is already the case for all the other routers you rely on (at your ISP and the Internet backbone) for clear-text communication.

So as usual, if you are concerned about snooping, you use end-to-end HTTPS. This reduces the snooping potential to information like: IP x.y.z.a communicated with host.foo.com over SSL at Date/Time and transferred N bytes. Again, this is exactly the same info as all the existing routers on the Internet can (and often do) already collect.

Using PageKite in MITM SSL mode provides a middle ground where all the other routers are denied access to the contents of your communication, but the PageKite relay could still snoop. So there is still a risk, but it is (depending on who your adversary is) significantly decreased, especially if you have a good trust relationship with the person running your PageKite relay (and they know how to keep their servers secure).

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Mon, Jul 9, 2012 at 1:41 AM, Bjarni Rúnar Einarsson b...@pagekite.net wrote:

> To make this e-mail not a complete waste: random useful thing: badger.com provide an API for registering domains. Others may as well (gandi.net?). This means if someone writes the software, then buying a domain could be handled entirely within the UI of the box itself.

that would be amazingly awesome actually. IndieWeb in a box! it will also feel nice to really have your own website. and we can add a few basic fedsocweb features.

previously i was thinking of subdomains because they don't cost money to renew. but there are two advantages of proper domain names:

- the user directly deals with the domain name registrar. they can even transfer to another registrar without interrupting anything. it's as decentralized as we can make it.
- what if we also automate startssl as Michael Rogers suggested? startssl's identity check they do now relies on an email conversation with a supposed human agent (i always wonder if i'm talking with a bot during those), but the fact that a physical object was purchased and shipped can effectively work to establish legitimacy of the user (buying the plugserver is like resolving a captcha, it proves that you are human).

as Bjarni and i also already discussed, maybe we need to reach out to startssl and find out if they could cooperate to make this really work. wouldn't that be amazing? each freedombox coming with a real https-enabled domain, which makes you a first-class citizen on the (social) web. if we can automate the two registration steps (DNR and SSL), then it could be feasible.

if people think this could work then i'll contact startssl about it, and see what they say. they might say no, for reasons we can't predict, but i think it's worth a try.

cheers,
Michiel
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
Hi Marc,

On Mon, Jul 9, 2012 at 5:50 AM, Marc m...@let.de wrote:

> There are several open source registries out there:
> http://let.de/index.php/the-search-for-a-registry-solution-experiences-of-a-small-cctld/
>
> Why certs ? Every twitter or facebook app works with an api key , why not simply use something like that ?

Not sure which problem you are trying to solve here, you should clarify.

Whether a DNS registry is open source or not is largely irrelevant, if you need a domain you need someone to provide you with it - unless you plan to run your own TLD, we're obviously not all going to do.

> Why reinventing the wheel when working code and solutions are out there ?
> http://pdos.csail.mit.edu/uia/

Thanks for this link, this is awesome work which I was unaware of. :-)

The research paper is very long and I only skimmed it to get a feel for what it could do. At first glance this looks very relevant to other (non-web-serving) aspects of the FreedomBox - it looks like it is (potentially) a more decentralized and more performant alternative to Tor (so gaining speed and decentralization, but sacrificing strong anonymity). There may well be many use-cases where that is a good trade-off.

However, at first glance UIA doesn't appear useful for folks who want to take part in the legacy public web, as the addresses it allocates are cryptographic hashes which they generally represent to the OS as part of the IPv6 pool reserved for link-local (so completely non-routeable).

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
2012/7/9 Bjarni Rúnar Einarsson b...@pagekite.net

> Hi Marc,
>
> On Mon, Jul 9, 2012 at 5:50 AM, Marc m...@let.de wrote:
>
>> There are several open source registries out there:
>> http://let.de/index.php/the-search-for-a-registry-solution-experiences-of-a-small-cctld/
>>
>> Why certs ? Every twitter or facebook app works with an api key , why not simply use something like that ?
>
> Not sure which problem you are trying to solve here, you should clarify.
>
> Whether a DNS registry is open source or not is largely irrelevant, if you need a domain you need someone to provide you with it - unless you plan to run your own TLD, we're obviously not all going to do.

hi Bjarni

Ok, that's the centralised alternative. If we build our own Network with a, let's call it, Freedombox Grid, we could use our own DNS and we are not dependent on any other controlled DNS registry, so everybody could register a http://whatever address to reach each freedombox.

>> http://pdos.csail.mit.edu/uia/
>
> However, at first glance UIA doesn't appear useful for folks who want to take part in the legacy public web, as the addresses it allocates are cryptographic hashes which they generally represent to the OS as part of the IPv6 pool reserved for link-local (so completely non-routeable).

If you take a close look you will see it's built on apple bonjour, zeroconfiguration, NAT-PmP and could run on any mobile device.

this is another project with the same approach:

The MyNet Project is a collaboration between the Nokia Pervasive Computing Group and the MIT UIA team (UIA=User Information Architecture). It is clear that personal devices such as mobile phones, digital music players, personal digital assistants, console gaming systems, and digital cameras have become commonplace in the lives of ordinary people. We believe that as these intelligent and networking capable devices proliferate - security, ease of use and peer-to-peer connectivity will become increasingly important.

http://research.nokia.com/page/51

I believe that DNS is the most important thing of the project !

just my 2 cents

Greetings

--
Marc Manthey
50823 Köln, germany
Vogelsangerstr.97
Phone: 0049-221-29891489
Mobile : 0049-1577-3329231
Website: http://let.de
Email: m...@let.de
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
> That's it. Did I miss anything? :-)

Sure. Here are three more scenarios. What all of them share is that YOU choose which friends with static IP addresses to trust, and that those friends' FreedomBoxes handle much of the setup and maintenance overhead. These three scenarios don't require ANY centralized infrastructure other than a DNS provider that everyone needs anyway. Since FreedomBox is built out of standardized software, even friends who don't have FreedomBoxes can act as your friends, if they are already running, or willing to run, that software on their existing Linux servers.

== Scenario DNS Redirect ==

Offer an option to host your website on your freedombox, with a dynamic IP address, that is reached via one, two, or more friends' freedomboxes' static IP addresses who serve up your domain records.

Domain records (also known as your DNS zone) describe what IP addresses your web server (and other servers) are located on, the domain names of the servers that serve up your DNS zone, and possibly public keys and signatures that secure this and other information. In the standard DNS protocol, these records can be changed dynamically and are globally cached for high performance and reliability. (This is how the Internet already works.)

Our software would provide both server and client implementations of a domain name server / redirector. If you have a static IP address, your FreedomBox can host a domain server, which serves up your own domain name(s), and also serves up the name(s) of friends. This DNS server would accept dynamic updates from your friends' FreedomBoxes, which would revise the IP address in the zone. The client software that runs in your FreedomBox would merely publish these dynamic updates (to your friends' FreedomBoxes) whenever your FreedomBox's public IP address changed. These updates would be cryptographically signed to avoid unwanted changes. By choosing more than one friend to host your domain zone, you would avoid single points of failure.

Web accesses would come directly from the world to your dynamically-addressed FreedomBox. Even friends who don't have a static IP address can improve your reachability/reliability, if they have a dynamic and publicly reachable IP address. You should start with one friend with a static IP address as an anchor site.

Once browsers support DNS-signed SSL certificates using the IETF DANE TLS protocol, the same software can securely publish your public key without making you interact with an SSL certificate provider (reducing the setup costs and making more of it automatable).

Pros: Relatively low setup overhead. Works with SSL or without. Requires minimal permanent storage in all participating FreedomBoxes. Trivial ongoing overhead for your friend sites. Web accesses from the world go straight to your box. Can convert transparently to the Webproxy Redirect mode below, or to the Friends Web Cache mode below.

Cons: Requires that you have at least ONE public IP address, dynamically assigned. Must find one or two friends. Must register those friends' domain names with your domain provider as your NS servers.

== Scenario Webproxy Redirect ==

Same setup as above, except you don't even have a publicly reachable dynamic IP address. All you have is a NAT address and your NAT redirector is completely oblivious to all attempts to punch a hole through it. So you find two or more friends and they serve up your DNS records as before, but each of them advertise the entire set of friends' IP addresses as the address of your web site. And each of them runs a web proxy that relays any incoming web accesses from their box, out over their ISP, to your box, using the PageKite protocol.

FreedomBox software would again provide both the server software and the client software for this. Your FreedomBox would at all times keep a TCP connection up to each friend's FreedomBox so that web accesses can be relayed to you down that TCP connection.

Incoming web accesses from the world would go at random to any of your friends' FreedomBoxes. Those boxes would relay the traffic to yours. If you or the world can't reach some of your friends, those friends' proxies would not answer, and clients would try another address, making it possible to reach you anyway.

As in DNS Redirect mode, can also publish IETF DANE TLS keys to eventually avoid SSL certificate setup overhead.

Pros: Relatively low setup overhead. Works with SSL or without. Requires minimal permanent storage in all participating FreedomBoxes. Can convert transparently to the DNS Redirect mode above, or to the Friends Web Cache mode below.

Cons: Must find one or two friends. Must register those friends' domain names with your domain provider as your NS servers. Your friends must be willing to have ALL your web traffic go via their ISP connection.

We could ship a FreedomBox with just
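Added example, not part of the message above and not FreedomBox code: one way a friend's box could check the signed dynamic updates described in the DNS Redirect scenario before changing an address record. The message does not name a signing scheme; this sketch assumes a shared key per friend and HMAC-SHA256 (similar in spirit to DNS TSIG), plus a timestamp window and a rising serial number to stop replays. All names, keys and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import json

MAX_SKEW = 300  # seconds of clock difference tolerated (assumed value)


def sign_update(key, name, address, serial, timestamp):
    """Client side: build an update message for one host name."""
    body = json.dumps(
        {"name": name, "address": address, "serial": serial, "ts": timestamp},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "mac": mac}


class FriendZoneServer:
    """Server side: holds the address records it serves for its friends."""

    def __init__(self, friend_keys):
        self.friend_keys = friend_keys   # host name -> shared key
        self.records = {}                # host name -> current address
        self.serials = {}                # host name -> last accepted serial

    def apply_update(self, msg, now):
        """Return "ok" and store the address, or a reason for refusing."""
        try:
            body = msg["body"].encode()
            mac = bytes.fromhex(msg["mac"])
            fields = json.loads(body)
            name, address = fields["name"], fields["address"]
            serial, ts = fields["serial"], fields["ts"]
        except (KeyError, TypeError, ValueError, AttributeError):
            return "malformed"
        if not (isinstance(name, str) and isinstance(address, str)
                and isinstance(serial, int) and isinstance(ts, int)):
            return "malformed"

        # A key only authorises updates to the one name it is registered for.
        key = self.friend_keys.get(name)
        if key is None:
            return "unknown name"

        # The MAC covers the exact bytes received; compare in constant time.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return "bad signature"

        # A valid signature alone does not stop an old message being re-sent.
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        try:
            ipaddress.ip_address(address)   # accepts IPv4 and IPv6 literals
        except ValueError:
            return "malformed"
        if serial <= self.serials.get(name, 0):
            return "replayed"

        self.records[name] = address
        self.serials[name] = serial
        return "ok"
```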
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sat, Jul 7, 2012 at 1:25 PM, Michiel de Jong mich...@unhosted.org wrote:

> On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch l...@miranet.ch wrote:
>
>> - with PageKite, this probably leads to registering a domain name for a box. as this is how the regular web works, normal browser/http-client can access the page/service.
>
> or subdomain, which saves money. we could use per-box startssl certs instead of certs on the proxy, but if the proxy is the apt server anyway then that does not really increase security, and it's annoying that you have to renew them each year.

...

Michiel and I discussed this and related issues on IRC a bit yesterday, and he asked me to summarize the conclusions. So here goes...

Goals:

* Be able to host content on a FreedomBox which is part of the web
* Be as independent as possible
* Avoid single-points of failure, security and reliability-wise

Non-goals:

* Resist attacks/censorship by government-grade opponents

The techniques we consider available to us, are traditional static IPs, PageKite and Tor/Tor2web. We specifically have Unhosted data in mind and HTTPS is considered a requirement for that.

After talking back and forth a bit, we came up with a few scenarios which the box can support relatively easily, which should suit different users' needs to varying degrees:

== Scenario One: Traditional Web ==

1. User has a public IP address
2. User purchases their own domain name, configures it
3. User obtains SSL certificates

Pros: This is the traditional way hosting on the web has worked, and it is still arguably the most efficient way to publish content. Very decentralized (user depends on DNS provider, security of SSL vendor and their own ISP, none of which have to be the same for everyone).

Cons: Relatively high barrier, user must be quite technical. No anonymity. Can not be preconfigured. Most users have at most 1 public IP, so only one FreedomBox per household can serve content at a time.

User costs: Domain registration and SSL cert (recurring, estimated $15/year, cheap domain and free StartSSL cert)

== Scenario Two: Independent PageKite ==

Same as Scenario One, except instead of a public IP, the user connects to a PageKite relay to expose their web server (using their own cert/domain and end-to-end HTTPS).

Pros: Mostly compatible with public web. Works for almost all users, slightly less technical as local network config isn't an issue. PageKite relay service could be provided either by the pagekite.net service or a network of peers, user could migrate from one to another at will. Provides weak anonymity, as the domain could be registered anonymously and the PageKite provider provides single layer of misdirection.

Cons: High barrier, technical user. End-to-end HTTPS encryption over PageKite is not supported by some older browsers. A peer-operated PageKite relay network does not exist, so currently the only option is to pay pagekite.net (about $3/month) or run your own relay on a VPS ($5-20/month).

User costs: Domain registration and SSL cert, PageKite subscription (recurring, estimated $50/year (see below, re. PK pricing))

== Scenario Three: Prepackaged Domain/SSL/PageKite ==

A variation on the above two, where instead of the user registering their own domain and SSL certificate, both are provided preconfigured on the FreedomBox itself by the distributor. A PageKite account could be included/preconfigured as well.

Pros: A plug and play solution, especially if PageKite is included. Compatible with the public web.

Cons: Requires the user have a public IP. The FreedomBox distributor becomes a single point of attack as they have a central list of which domain belongs to which user. The distributor is also in a position which allows them to issue new certs and MITM attack users without their knowledge.

User costs: Domain registration and SSL cert, maybe PageKite subscription (recurring, estimated $15-50/year). First year maybe included in price of the box?

== Scenario Four: Prepackaged PageKite/MITM SSL ==

Same as Scenario three, but without including a domain name or cert (uses a subdomain from the PageKite service or some other friendly org.) The boxes will be configured to relay through servers which do man in the middle SSL using a wild-card certificate.

Pros: Plug and play. Weak anonymity. Mostly web compatible.

Cons: User depends on the PageKite service for their identity (domain) and security.

User costs: PageKite subscription (recurring, estimated $36/year). First year maybe included in price of the box?

(Note: This number can be massaged a bit as I control the PageKite pricing scheme and I want to support these projects for idealistic reasons - I just need to not be losing lots of money on this. If we guarantee users aren't transferring massive amounts of bandwidth, this number can go down quite a bit.)

== Scenario Five: Tor/Tor2web ==

This scenario assumes the box's services are published as Tor Hidden Services only.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sat, 7 Jul 2012 16:28:46 +0200, Markus Sabadello wrote:

> On Fri, Jul 6, 2012 at 2:16 PM, Nick M. Daly wrote:
>
>> On Tue, 3 Jul 2012 16:25:16 +0200, Markus Sabadello wrote:
>>
>>> We should also have some updating mechanism...
>>>
>>> 1. When the FreedomBox boots, it checks if a certain file (together with a signature) is present on an attached USB drive.
>>> 2. If yes, and if the user enters their password, that file is executed and can update the box.
>>
>> Why reinvent the wheel when we already have Debian's updating system? Apt seems to work pretty well for the rest of the distribution. Any reasons it won't work here?
>
> Good point. Yeah I agree the standard updating mechanism should be used. That would be presented through Plinth, right? I.e. there would be a button saying Update my FreedomBox?

Yup. The update-notifier package handles this well. It just pops a little icon that you can click when there are new updates. We can also pre-configure the system to install security updates automagically, which might be useful when Wheezy is released. That's in the plug-server setup guide [0] somewhere...

> Maybe the ability to stick a USB-drive-with-update-file into the box would still make sense. Kind of a backup recovery-mode option in case something went wrong with the box?

Good idea. The OpenPandora project [1] actually has this built out into their system's firmware (hold a particular button while booting with specific SD card in a chosen card slot, while singing /It's a Small World/ backwards three times...).

Right now, we do have the JTAG option, but we can't ask everybody to go that route.

Would you be able to bring that sort of thread to the mailing with any questions you have? I'd do it, but you've been thinking over this problem for longer than I have and probably have more answers and better questions.

My big question is: what files do we save off to recover later? A firmware reset (because that's essentially what it is) shouldn't lose all your blog posts, for example. An easy solution to this would be to move specific directories to a different partition that isn't wiped on reset. Which directories? Where's that partition stored?

Right now, I'm imagining putting /home and /var on an external SD card.

Upsides:

- Your data's safe in case of factory reset.
- Your data's easily transportable.

Downsides:

- The box won't work if you lose the card. You'll have to reset if you accidentally pop out the card.
- Your data's easily steal-able.

Nick

0: bitbucket.org/nickdaly/plugserver
1: openpandora.org
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 08/07/12 20:43, Bjarni Rúnar Einarsson wrote:

== Scenario Three: Prepackaged Domain/SSL/PageKite ==

A variation on the above two, where instead of the user registering their own domain and SSL certificate, both are provided preconfigured on the FreedomBox itself by the distributor. A PageKite account could be included/preconfigured as well.

Pros: A plug and play solution, especially if PageKite is included. Compatible with the public web.

Cons: Requires the user have a public IP. The FreedomBox distributor becomes a single point of attack as they have a central list of which domain belongs to which user. The distributor is also in a position which allows them to issue new certs and MITM attack users without their knowledge.

These cons are all solvable. The box's installation wizard can guide the user through choosing a PageKite subdomain, entering payment details, generating an SSL cert and submitting it to StartSSL. The user doesn't need a static IP. The hardware distributor doesn't need to know which PageKite subdomain the user chooses, and doesn't need to generate or sign certs.

A power user might want to choose a different PageKite provider or certificate authority - there's no reason the software shouldn't support that.

Of course, a malicious hardware distributor could insert backdoors in the software to defeat the separation of powers, but all the proposed solutions are vulnerable to backdoors. Users will either have to trust the distributors or collectively audit the boxes.
Cheers, Michael
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 07/08/2012 09:43 PM, Bjarni Rúnar Einarsson wrote:
On Sat, Jul 7, 2012 at 1:25 PM, Michiel de Jong mich...@unhosted.org wrote:
On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch l...@miranet.ch wrote:

- with PageKite, this probably leads to registering a domain name for a box. as this is how the regular web works, normal browser/http-client can access the page/service.

or subdomain, which saves money. we could use per-box startssl certs instead of certs on the proxy, but if the proxy is the apt server anyway then that does not really increase security, and it's annoying that you have to renew them each year.

...

Michiel and I discussed this and related issues on IRC a bit yesterday, and he asked me to summarize the conclusions. So here goes...

Goals:
* Be able to host content on a FreedomBox which is part of the web
* Be as independent as possible
* Avoid single-points of failure, security and reliability-wise

Non-goals:
* Resist attacks/censorship by government-grade opponents

The techniques we consider available to us, are traditional static IPs, PageKite and Tor/Tor2web. We specifically have Unhosted data in mind and HTTPS is considered a requirement for that.

After talking back and forth a bit, we came up with a few scenarios which the box can support relatively easily, which should suit different users' needs to varying degrees:

== Scenario One: Traditional Web ==

1. User has a public IP address
2. User purchases their own domain name, configures it
3. User obtains SSL certificates

Pros: This is the traditional way hosting on the web has worked, and it is still arguably the most efficient way to publish content. Very decentralized (user depends on DNS provider, security of SSL vendor and their own ISP, none of which have to be the same for everyone).

Cons: Relatively high barrier, user must be quite technical. No anonymity. Can not be preconfigured. Most users have at most 1 public IP, so only one FreedomBox per household can serve content at a time.

User costs: Domain registration and SSL cert (recurring, estimated $15/year, cheap domain and free StartSSL cert)

== Scenario Two: Independent PageKite ==

Same as Scenario One, except instead of a public IP, the user connects to a PageKite relay to expose their web server (using their own cert/domain and end-to-end HTTPS).

Pros: Mostly compatible with public web. Works for almost all users, slightly less technical as local network config isn't an issue. PageKite relay service could be provided either by the pagekite.net service or a network of peers, user could migrate from one to another at will. Provides weak anonymity, as the domain could be registered anonymously and the PageKite provider provides single layer of misdirection.

Cons: High barrier, technical user. End-to-end HTTPS encryption over PageKite is not supported by some older browsers. A peer-operated PageKite relay network does not exist, so currently the only option is to pay pagekite.net (about $3/month) or run your own relay on a VPS ($5-20/month).

User costs: Domain registration and SSL cert, PageKite subscription (recurring, estimated $50/year (see below, re. PK pricing))

== Scenario Three: Prepackaged Domain/SSL/PageKite ==

A variation on the above two, where instead of the user registering their own domain and SSL certificate, both are provided preconfigured on the FreedomBox itself by the distributor. A PageKite account could be included/preconfigured as well.

Pros: A plug and play solution, especially if PageKite is included. Compatible with the public web.

Cons: Requires the user have a public IP. The FreedomBox distributor becomes a single point of attack as they have a central list of which domain belongs to which user. The distributor is also in a position which allows them to issue new certs and MITM attack users without their knowledge.

User costs: Domain registration and SSL cert, maybe PageKite subscription (recurring, estimated $15-50/year). First year maybe included in price of the box?

== Scenario Four: Prepackaged PageKite/MITM SSL ==

Same as Scenario three, but without including a domain name or cert (uses a subdomain from the PageKite service or some other friendly org.) The boxes will be configured to relay through servers which do man in the middle SSL using a wild-card certificate.

Pros: Plug and play. Weak anonymity. Mostly web compatible.

Cons: User depends on the PageKite service for their identity (domain) and security.

User costs: PageKite subscription (recurring, estimated $36/year). First year maybe included in price of the box?

(Note: This number can be massaged a bit as I control the PageKite pricing scheme and I want to support these projects for idealistic reasons - I just need to not be losing lots of money on this. If we guarantee users aren't transferring massive amounts of bandwidth, this number can go down quite a bit.)

== Scenario Five: Tor/Tor2web ==

This scenario assumes the
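Added example, not part of the original messages and not PageKite's code: it assumes a relay that forwards end-to-end HTTPS (Scenario Two) by reading the unencrypted Server Name Indication field of the TLS ClientHello, and shows that a client sending no SNI leaves such a relay nothing to route on short of terminating TLS itself (Scenario Four). The hostnames, tunnel labels and ClientHello bytes are constructed sample values.

```python
import struct


class NotClientHello(ValueError):
    """The bytes are not one complete TLS record holding a ClientHello."""


class _Reader:
    """Bounds-checked cursor over a byte string."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise NotClientHello("truncated")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size):
        """Read a length-prefixed field (length is len_size bytes wide)."""
        return self.take(self.uint(len_size))

    def remaining(self):
        return len(self.data) - self.pos


def extract_sni(record):
    """Return the host_name from a ClientHello, or None if the client sent none.

    Only a ClientHello that fits in a single TLS record is handled.
    """
    r = _Reader(record)
    if r.uint(1) != 0x16:                 # content type 22 = handshake
        raise NotClientHello("not a handshake record")
    r.take(2)                             # record-layer version
    hs = _Reader(r.vector(2))
    if hs.uint(1) != 0x01:                # handshake type 1 = ClientHello
        raise NotClientHello("not a ClientHello")
    hello = _Reader(hs.vector(3))
    hello.take(2 + 32)                    # client_version, random
    hello.vector(1)                       # session_id
    hello.vector(2)                       # cipher_suites
    hello.vector(1)                       # compression_methods
    if hello.remaining() == 0:
        return None                       # no extensions block: pre-SNI client
    exts = _Reader(hello.vector(2))
    while exts.remaining():
        ext_type = exts.uint(2)
        ext_data = _Reader(exts.vector(2))
        if ext_type != 0:                 # extension 0 = server_name
            continue
        names = _Reader(ext_data.vector(2))
        while names.remaining():
            name_type = names.uint(1)
            name = names.vector(2)
            if name_type == 0:            # 0 = host_name
                try:
                    return name.decode("ascii").lower()
                except UnicodeDecodeError:
                    raise NotClientHello("non-ASCII host_name") from None
    return None


def build_client_hello(hostname=None):
    """Construct a minimal TLS 1.2 ClientHello (sample input, not captured traffic)."""
    body = (b"\x03\x03" + bytes(32)       # client_version, zeroed random
            + b"\x00"                     # empty session_id
            + b"\x00\x02\xc0\x2f"         # one cipher suite
            + b"\x01\x00")                # null compression
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Hypothetical routing table: hostname -> tunnel to the box behind NAT.
BACKENDS = {"alice.example.org": "tunnel-alice", "bob.example.net": "tunnel-bob"}


def route(record, backends=BACKENDS):
    """Pick a tunnel without decrypting; None means the relay cannot decide."""
    try:
        host = extract_sni(record)
    except NotClientHello:
        return None
    return backends.get(host) if host else None


if __name__ == "__main__":
    print(route(build_client_hello("alice.example.org")))  # routed by name
    print(route(build_client_hello(None)))                 # no SNI: unroutable
```

The relay in this sketch never holds a private key, so the certificate and the session stay on the box; the hostname itself is still visible to the relay and to anyone on the path.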
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 07/08/2012 09:45 PM, Nick M. Daly wrote:
On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch wrote:

with PageKite, this probably leads to registering a domain name for a box...

or subdomain, which saves money.

with Tor HS, no need to register a domain...

for mainstream users that would mean going via tor2web, so effectively still a reverse proxy setup.

For the record, I'd like to see what comes of both the PK and THS approaches. PK seems easier, while THS seems more robust (it'll take a lot more than some ICE paperwork to corrupt the Tor directory servers). Box-to-box communication can be much simpler and is where I've been focusing most of my time. Thanks for looking into these harder problems.

i think too that Tor HS (+FreedomBuddy) is mostly an advantage for interbox communication and a time when app usage might mean, that a user logs-in to his fbx where information gets pulled together for him. for the integration in the web-of-today (role:server) it's more of a handicap.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sun, Jul 8, 2012 at 9:35 PM, Michael Rogers mich...@briarproject.org wrote:

Cons: Requires the user have a public IP. The FreedomBox distributor becomes a single point of attack as they have a central list of which domain belongs to which user. The distributor is also in a position which allows them to issue new certs and MITM attack users without their knowledge.

These cons are all solvable. The box's installation wizard can guide the user through choosing a PageKite subdomain, entering payment details, generating an SSL cert and submitting it to StartSSL. The user doesn't need a static IP. The hardware distributor doesn't need to know which PageKite subdomain the user chooses, and doesn't need to generate or sign certs.

If the user doesn't have a static IP, then the user has to configure dynamic DNS. Also solvable. However, you seem to be assuming the box will have a public IP (static or not) - that is almost never the case. Usually the public IP is reserved for your border router, which the FreedomBox may not be able to replace. Power users may be using their public ports already, non-power-users will find port-forwarding to be a challenge. Helping people with port-forwarding is not easy because of the dizzying array of different devices out there, any instructions we provide (or scripts, or...) will be inaccurate most of the time. Some routers will let us UPnP our way out, but much of the time you'll find that the local Skype instance has already stolen port 443. :-)

A power user might want to choose a different PageKite provider or certificate authority - there's no reason the software shouldn't support that.

This I absolutely agree with!

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 08/07/12 23:41, Bjarni Rúnar Einarsson wrote:
On Sun, Jul 8, 2012 at 10:39 PM, Bjarni Rúnar Einarsson

Oops, please don't take my last reply too seriously. But you're confusing scenarios there, what you just described is scenario Two or Four. :-)

Not quite - unlike scenario two, the user would get a subdomain from the PageKite provider, rather than using her own domain. And unlike scenario four, the user would generate a certificate for the subdomain and have it signed by a CA, rather than using someone else's wildcard cert.

I'm splitting hairs, though - the main point was that things like certificate signing can be handled by the installation wizard, using service providers that are independent from the hardware vendor.

To make this e-mail not a complete waste: random useful thing: badger.com provide an API for registering domains. Others may as well (gandi.net?). This means if someone writes the software, then buying a domain could be handled entirely within the UI of the box itself.

That sounds great!

What was the issue you mentioned with end-to-end HTTPS when using PageKite with the user's own domain?

Cheers, Michael
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sun, Jul 8, 2012 at 11:51 PM, Michael Rogers mich...@briarproject.org wrote:
On 08/07/12 23:41, Bjarni Rúnar Einarsson wrote:

Not quite - unlike scenario two, the user would get a subdomain from the PageKite provider, rather than using her own domain. And unlike scenario four, the user would generate a certificate for the subdomain and have it signed by a CA, rather than using someone else's wildcard cert.

I don't think most CAs are willing to do that. I would love to be proven wrong though.

There are multiple issues here though - subdomains may be free, but they do tie your identity to whoever provided you with it and make you depend on their DNS infrastructure. Top level domains at least have formal procedures and rules in place for handling transfers from one registrar to another. That's why this wasn't considered as a scenario.

One way to look at the scenarios I provided was from the point of view of independence. Scenarios One and Two give the user at least a theoretical possibility of independence, where they can move from network to network and provider to provider. This is very important IMO, but unfortunately places a burden on the user to register and manage his own identity (domain cert) himself.

Scenarios Three, Four and to a lesser degree, Five, introduce dependencies of various types which give more convenience to the user in the short term but may not really be compatible with the long-term vision of something like a FreedomBox. I think of them as training wheels. :-)

(When presented this way, I actually see it as a benefit for the training wheels to be somewhat clunky and obviously imperfect. If your training wheels let you go 30kph, you may never take them off...)

There are many other dimensions to this, but I feel this one is really fundamental and many of the others depend on it. Being able to switch service providers is in some ways a freedom which presupposes many of the others; privacy, anonymity, security - they don't do much for you if your provider cuts you off.

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch l...@miranet.ch wrote:

- with PageKite, this probably leads to registering a domain name for a box. as this is how the regular web works, normal browser/http-client can access the page/service.

or subdomain, which saves money. we could use per-box startssl certs instead of certs on the proxy, but if the proxy is the apt server anyway then that does not really increase security, and it's annoying that you have to renew them each year.

- with Tor HS, no need to register a domain. as long as you don't lose the private-key you keep the same .onion address. to access the page/service, you need a Tor-Browser, Tor-Proxy or go via tor2web though.

for mainstream users that would mean going via tor2web, so effectively still a reverse proxy setup. also, the Tor-based setup is not something we have working in production right now on normal Debian PCs, so unlike the pagekite-based setup, it's not readily packageable

as i understand the proposition, the focus is on allowing unhosted-apps (JavaScript in an ordinary webbrowser) to access the fbx.

yes, that would be one functionality, the other would be privoxy when accessing the internet from within the box's wifi range.

maybe an unhosted-app could try first the .onion address directly (which succeeds if a tor-proxy is used) and fallback on tor2web if necessary?

if you tell an unhosted web app that you want to connect your remote storage on an onion address, then it will try to do cross-origin XHR to that onion address, yes. it will go to whatever address you give it.

i think the main point (for me, at least) is that we want to get a 2013 version out there now, that has functionality for a mainstream user. It would then be updateable through apt as soon as we have more better things working, and then the 2014 version can have full FreedomBuddy-based onion routing.

my main open questions for the pagekite-based setup we're proposing are if it makes sense to put ssl-certs on the boxes (i have a feeling that it doesn't), and how we want to do the installation (i think the best way is to connect it via ethernet to the existing ISP-supplied router, and make it emit a wifi access point).
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Fri, Jul 6, 2012 at 2:16 PM, Nick M. Daly nick.m.d...@gmail.com wrote: Thanks for discussing this, you both raise a lot of good points, and I have a couple questions. On Tue, 3 Jul 2012 16:25:16 +0200, Markus Sabadello wrote: On Tue, Jul 3, 2012 at 8:59 AM, Michiel de Jong wrote: So even though ownCloud has a nicer interface than pyUnhosted, getting apache, sqlite, GD, php5 and ownCloud 4.0.4 all on a device with basically the power of a smartphone might be a bit ambitious... So let me think about what steps we would need: - add pagekite and pyUnhosted to the image. Easy, given this week's weekly-image changes. See: freedom-maker/bin/projects - pyUnhosted ... piped somehow to plinth Wordpress on Debian has actually solved this for us. See: /usr/share/doc/wordpress/examples/setup-mysql They dump the credentials to a file with the right permissions and ownership and use that as the permanent data store. - become the default proxy for all devices on the wifi...? My understanding is that it would be a transparent proxy... they get privoxyfied automatically if they use the FreedomBox wifi. I haven't actually given a lot of thought to the box as a wireless host. Most of my thinking has been using it as a host through the wild intertubes. On Tue, 3 Jul 2012 16:45:43 +0200, Markus Sabadello wrote: Of course then people would have 2 wifis, not sure if that's good or bad. Good, because I think it would easily work with the setup that most people have at home. Good also, because you can always choose to NOT use the FreedomBox. Bad, because it might be a more complex setup than it needs to be. There are a couple ways we could go here. 1. Replace your router with a FreedomBox. Technically, always possible, though ISPs might get irritated. 2. Co-mingle your FBX and router. If people understand wifi, they'll also understand multiple signals. As long as the FBX is an effective proxy, I'm not worried about it, technically. 
Socially, though, it's a weird thing: You mean I have to click that wifi button *every time* I want privacy?! Ideally, people would just move away from their router's networks altogether and push all their client devices' communications through the FBX. on first use, you would have to opt-in to setting up the public interface to your remoteStorage... we would have to set up said service, with for instance a 5-year plan included in the purchase of the off-the-shelf device... if we can resolve the first-use/wifi question then i think putting a box with privoxy + remoteStorage-through-pagekite on the market should be achievable. I'm a little leery of asking users to sign up for a service on a device that's designed to let them host their own services. It seems internally inconsistent. I don't think I have anything against offering it as an option, but it shouldn't be the only one. We should also listen to Zooko's advice and allow the folks who want to attach a GB - TB scale device to host their own storage provider and contribute to a (self-encrypted) shared FBX storage grid. I guess it's mostly a question of which one gets done when. We should also have some updating mechanism... 1. When the FreedomBox boots, it checks if a certain file (together with a signature) is present on an attached USB drive. 2. If yes, and if the user enters their password, that file is executed and can update the box. Why reinvent the wheel when we already have Debian's updating system? Apt seems to work pretty well for the rest of the distribution. Any reasons it won't work here? Good point. Yeah I agree the standard updating mechanism should be used. That would be presented through Plinth, right? I.e. there would be a button saying Update my FreedomBox? Maybe the ability to stick a USB-drive-with-update-file into the box would still make sense. Kind of a backup recovery-mode option in case something went wrong with the box? 
Nick
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Fri, Jul 6, 2012 at 6:45 PM, Michiel de Jong mich...@unhosted.orgwrote: On Fri, Jul 6, 2012 at 3:16 PM, Nick M. Daly nick.m.d...@gmail.com wrote: I haven't actually given a lot of thought to the box as a wireless host. Most of my thinking has been using it as a host through the wild intertubes. by wireless host do you mean client or access point? i think the freedombox can be connected to the existing router with a network cable, and then itself become a second access point. I see two options: - the freedombox emits a wifi signal or: - the freedombox sits inbetween the wifi router and the wall if additionally you can pull a network cable from your laptop to the freedombox, then that's nice to have for power users, but the wifi signal is what people use - network cables are very 2007 IMHO. if there is doubt about this then i'll do some street research, but i think only power users still use them for 'the last meter' so to speak. There are a couple ways we could go here. 1. Replace your router with a FreedomBox. Technically, always possible, though ISPs might get irritated. i don't care about ISP irritation, but chances are if you plug the DSL line into the freedombox, that simply nothing will happen. ISPs have all sorts of proprietary things going on there afaik. i think some even do remote firmware upgrades. i guess that's also what you meant with this point. so i don't think replacing the ISP-provided router is an option really. Ya I agree.. Of course sometimes you hear the question, why do I need another box, why can't I just use my existing router. But it really seems impossible to work with all the ISP specific details. 2. Co-mingle your FBX and router. If people understand wifi, they'll also understand multiple signals. As long as the FBX is an effective proxy, I'm not worried about it, technically. Socially, though, it's a weird thing: You mean I have to click that wifi button *every time* I want privacy?! 
most laptops will i think pick whichever signal is the strongest, and even switch dynamically. so yes, they would have to disconfigure their old wifi signal and get it out of the way. Ideally, people would just move away from their router's networks altogether and push all their client devices' communications through the FBX. yeah, that's doable though, i think. if i understand correctly this explains that it's possible to make for instance a dreamplug become a wifi ap: http://www.spinifex.com.au/plugs/dphowtowifiap.html Yes that's what I had always been assuming. You connect your FreedomBox to your ISP router with a cable. And then you connect to your FreedomBox' Wifi. Then your Internet works just like before, except that you can now use all the FreedomBox features. dnsmasq intercepts the freedombox name which you just type into your browser to access Plinth.. There has been an issue with AP mode working only with the proprietary Marvell drivers, not with open source drivers. Not sure what's the current status of this, if I remember correctly it depends on which one of the network interfaces is in the box (mwifiex, libertas, ..) I'm a little leery of asking users to sign up for a service on a device that's designed to let them host their own services. It seems internally inconsistent. I don't think I have anything against offering it as an option, but it shouldn't be the only one. i see your point, but what alternative do you see? if you want to offer any form of web presence, you need an IP address with a DNS domain pointing to it. the box needs to dial up to some sort of name service to announce where it is today. this can be either a DNS server or a (network of) reverse proxy(s) if you're on a dynamically assigned own IP. If you're behind NAT, then only a (network of) reverse proxy(s) can help you. 
The proposed DHT which resolves names to onion addresses is effectively a network of reverse proxies too, and is not something we currently have working in production even on normal laptops afaik. We should also listen to Zooko's advice and allow the folks who want to attach a GB - TB scale device to host their own storage provider and contribute to a (self-encrypted) shared FBX storage grid. I guess it's mostly a question of which one gets done when. yes, that's the important question here i think. i'm all for it, in fact i think we should implement brokep's idea of buying .p2p as a top level domain, putting DHT-based DNS on it, and using that for everything. but my prediction is if it's not something we have working on our own normal PCs now, then it's not going to be easy to add it to the freedombox out of nowhere. Apt seems to work pretty well for the rest of the distribution. yeah, that seems reasonable. if we already trust a reverse proxy somewhere in the cloud then there is no reason to not also trust an apt server (probably that same
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 1 July 2012 23:17, Michiel de Jong mich...@unhosted.org wrote: IMO, applications support linked data, storage servers do not. Asking if a storage server supports linked data is a bit like asking whether a certain hard drive supports pdf. :) Having said that, there are always connotations, and that is probably what you are both referring to - so for instance, if you ask if the remoteStorage protocol supports ACLs based on client-side certificates, or SPARQL queries, the answer is no. We are however in the process of writing the data module for the client-side library (remoteStorage.js), and they will all use linked data at their core (specifically, json-ld). I do agree that it's useful to have client side data in structured form. However, it's more important to have structured data on back end. If remotestorage is simply going to put a blob in a location ... ie the equivalent of autosave ... it's going to be a very useful tool for some web apps, but it makes little sense on a freedombox, imho. Consider modern (or even less modern) databases. They can handle a blob in a field. But it's much better to use a table with fields, as this enables querying, cross referencing, federation and all those good things. I can see a great dyndns solution being VERY valuable to freedombox. If pagekite can provide that, it's a huge win. hth, Michiel On Mon, Jul 2, 2012 at 12:03 AM, Markus Sabadello markus.sabade...@gmail.com wrote: On Sun, Jul 1, 2012 at 8:27 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 1 July 2012 19:44, Markus Sabadello markus.sabade...@gmail.com wrote: Yes, having your own data on the FreedomBox via remoteStorage is exactly the core of the proposal. That, plus potentially integration with the FunkFeuer community wireless network in Vienna. Okay I have to say this.. We haven't submitted the proposal yet. 
If for some reason this is not a good idea, if this looks like an attempt to hijack FreedomBox, or capitalize on it, or anything like that, if there already is some sort of relationship between FreedomBox and Access that makes this proposal pointless, then we don't have to submit it. It was just an idea we came up with. It would effectively show ONE thing the FreedomBox could do (out of many ideas, including social networking). It would show how different projects (FreedomBox, Unhosted, PageKite, FunkFeuer) could complement each other. I think we should at least wait until the hackfest is over, maybe longer, before we submit it. Makes sense to wait for feedback from the hackfest. Storing my own data (on my own box) is something I find very interesting. But as far as I know I'm one of the only people that does that. I'm curious as to what solutions you might suggest for the data storage, and what features are available? ( personally I use data.fm ) Hmm we would want to be compatible with Unhosted's remoteStorage API, which does not include Linked Data. ownCloud might be an obvious option, but that's PHP. Bjarni wrote a simple implementation of remoteStorage in Python (here), which might fit in better with other Python-based FreedomBox components, but that's more limited than ownCloud. Please correct me if I'm wrong, but data.fm is read/write Linked Data and not compatible with Unhosted's remoteStorage, right? In any case, the FreedomBox will need a flexible storage API for the various apps that would run on it. Perhaps it could support ownCloud/remoteStorage on one hand, but also read/write Linked Data like data.fm, which would be like what WebBox is also all about, as I understand. Perhaps remoteStorage could be modified to also work with data.fm, I don't know that.
Markus On Sun, Jul 1, 2012 at 6:57 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 14:07, Markus Sabadello markus.sabade...@gmail.com wrote: To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already. There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. It would help show the public that FreedomBox is real.. Thanks for the response. A couple of questions about the proposal: Is the idea here to save your own data (ie remote storage) on your freedom box? Would a minimal viable product, to demo FreedomBox, need to contain some kind of social network? Markus On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote: Heya, So back in May, when
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
Thanks for discussing this, you both raise a lot of good points, and I have a couple questions. On Tue, 3 Jul 2012 16:25:16 +0200, Markus Sabadello wrote: On Tue, Jul 3, 2012 at 8:59 AM, Michiel de Jong wrote: So even though ownCloud has a nicer interface than pyUnhosted, getting apache, sqlite, GD, php5 and ownCloud 4.0.4 all on a device with basically the power of a smartphone might be a bit ambitious... So let me think about what steps we would need: - add pagekite and pyUnhosted to the image. Easy, given this week's weekly-image changes. See: freedom-maker/bin/projects - pyUnhosted ... piped somehow to plinth Wordpress on Debian has actually solved this for us. See: /usr/share/doc/wordpress/examples/setup-mysql They dump the credentials to a file with the right permissions and ownership and use that as the permanent data store. - become the default proxy for all devices on the wifi...? My understanding is that it would be a transparent proxy... they get privoxyfied automatically if they use the FreedomBox wifi. I haven't actually given a lot of thought to the box as a wireless host. Most of my thinking has been using it as a host through the wild intertubes. On Tue, 3 Jul 2012 16:45:43 +0200, Markus Sabadello wrote: Of course then people would have 2 wifis, not sure if that's good or bad. Good, because I think it would easily work with the setup that most people have at home. Good also, because you can always choose to NOT use the FreedomBox. Bad, because it might be a more complex setup than it needs to be. There are a couple ways we could go here. 1. Replace your router with a FreedomBox. Technically, always possible, though ISPs might get irritated. 2. Co-mingle your FBX and router. If people understand wifi, they'll also understand multiple signals. As long as the FBX is an effective proxy, I'm not worried about it, technically. Socially, though, it's a weird thing: You mean I have to click that wifi button *every time* I want privacy?! 
Ideally, people would just move away from their router's networks altogether and push all their client devices' communications through the FBX. on first use, you would have to opt-in to setting up the public interface to your remoteStorage... we would have to set up said service, with for instance a 5-year plan included in the purchase of the off-the-shelf device... if we can resolve the first-use/wifi question then i think putting a box with privoxy + remoteStorage-through-pagekite on the market should be achievable. I'm a little leery of asking users to sign up for a service on a device that's designed to let them host their own services. It seems internally inconsistent. I don't think I have anything against offering it as an option, but it shouldn't be the only one. We should also listen to Zooko's advice and allow the folks who want to attach a GB - TB scale device to host their own storage provider and contribute to a (self-encrypted) shared FBX storage grid. I guess it's mostly a question of which one gets done when. We should also have some updating mechanism... 1. When the FreedomBox boots, it checks if a certain file (together with a signature) is present on an attached USB drive. 2. If yes, and if the user enters their password, that file is executed and can update the box. Why reinvent the wheel when we already have Debian's updating system? Apt seems to work pretty well for the rest of the distribution. Any reasons it won't work here? Nick ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
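Added example, not part of the thread and not code from pyUnhosted, Plinth or the WordPress package: one way to realise the suggestion in the message above of dumping the generated password to a file "with the right permissions and ownership" instead of printing it to the console. The function names and the key=value file format are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def write_credentials(path, username, password):
    """Store credentials so the file is never group/world readable, even briefly."""
    if any(c in value for value in (username, password) for c in "\r\n"):
        raise ValueError("credentials must not contain line breaks")
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with O_EXCL and mode 0600 regardless of umask,
    # so there is no window between "create" and "chmod".
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".cred-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("username=%s\npassword=%s\n" % (username, password))
            fh.flush()
            os.fsync(fh.fileno())
        # Atomic rename: readers see either the old file or the complete new one.
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def audit(st, expected_uid=None):
    """Return a list of problems found in an os.stat_result; empty means OK."""
    if expected_uid is None:
        expected_uid = os.geteuid()
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append("mode %o grants group/other access" % mode)
    return problems


def read_credentials(path, expected_uid=None):
    """Read the file only if ownership and mode are as strict as expected."""
    # O_NOFOLLOW refuses a symlink planted at the path; fstat on the open
    # descriptor checks the same file that is then read (no check/use race).
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as fh:
        problems = audit(os.fstat(fh.fileno()), expected_uid)
        if problems:
            raise PermissionError("%s: %s" % (path, "; ".join(problems)))
        lines = fh.read().splitlines()
    return dict(line.split("=", 1) for line in lines if "=" in line)


def demo():
    """Constructed sample run in a throwaway directory."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "storage.cred")  # hypothetical file name
    write_credentials(path, "alice", "constructed-sample-password")
    print("stored keys:", sorted(read_credentials(path)))
    os.chmod(path, 0o644)  # simulate a careless permission change
    try:
        read_credentials(path)
    except PermissionError as exc:
        print("refused:", exc)


if __name__ == "__main__":
    demo()
```

A web front end running as the same user could then show the password by calling `read_credentials`, with no need to scrape console output.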
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Tue, Jul 3, 2012 at 8:59 AM, Michiel de Jong mich...@unhosted.org wrote: This is great stuff! On Tue, Jul 3, 2012 at 5:29 AM, Nick M. Daly nick.m.d...@gmail.com wrote: I'd *love* to see Tor and PageKite in the default image. I don't know if there'll be time/expertise to get Tor into the image before EOY, but we should be able to include PageKite, if nothing else. Bjarni's two line install instructions are confounding! :) Nick 0: http://github.com/nickdaly/freedom-maker 1: http://github.com/nickdaly/plinth 2: http://github.com/nickdaly/freedombox-privoxy So even though ownCloud has a nicer interface than pyUnhosted, getting apache, sqlite, GD, php5 and ownCloud 4.0.4 all on a device with basically the power of a smartphone might be a bit ambitious. Also, the whole point of the remoteStorage web architecture is that the storage is just dumb storage and that all functionality and actual niceness is in unhosted web apps to which you connect your remoteStorage dynamically, instead of doing server-side webpage generation. So let me think about what steps we would need: - add pagekite and pyUnhosted to the image. - right now pyUnhosted outputs information (including the password you need) to the console. that should be piped somehow to plinth, so that the user can actually see it. - IIUC, for privoxy to work out of the box, we still need a way for the freedombox to become the default proxy for all devices on the wifi. how does that work? My understanding is that it would be a transparent proxy, i.e. it captures all connections. So you don't have to configure anything on the client devices, they get privoxyfied automatically if they use the FreedomBox wifi. The easiest UI for this would be if the freedombox emits a wifi signal. people will understand that. 
If the freedombox only lets through https and ssh traffic, then this wifi signal can be unencrypted, like for instance the wifi signal at fosdem or other big conferences, so we help with the open wifi movement http://www.dslreports.com/shownews/EFF-Pushes-For-Open-WiFi-Movement-114016 by default (of course if the user is opposed to bandwidth altruism for some reason then they should be able to switch it off in plinth). If the freedombox does not emit its own wifi signal, then i cannot see an easy first-use experience, but maybe i'm missing something. Idealistic as it may be, I don't think the open WiFi movement is appealing to the mainstream of Internet users. I think we'll get into all sorts of troubles and liabilities if we ship FreedomBox'es with open WiFi. Of course it could be optional, but I don't think it should be the default. - on first use, you would have to opt-in to setting up the public interface to your remoteStorage. so plinth would need a screen that says choose your username and password at freedomstorage.org (or whatever we call it), and from that moment on, it would be dialled in there, and ready for connecting your freedombox to unhosted web apps as remoteStorage. Sounds good to me, yeah the user will have to choose their PageKite name (and maybe be allowed to later change it? or add multiple names?) - we would have to set up said service, with for instance a 5-year plan included in the purchase of the off-the-shelf device. i know this proposal is only for creating the disk image, but we should also set up a pre-order production chain. As soon as 100 orders are in, we just organize a flashing-weekend, flash 100 devices in an afternoon, and ship them. Sounds great. - if we can resolve the first-use/wifi question then i think putting a box with privoxy+remoteStorage-through-pagekite on the market should be achievable. We should also have some updating mechanism. 
Ideally, we would have a FreedomAppStore where you can download additional functionality, but that may be too hard for now, and a bit risky from a security perspective. A simple future-ready updating mechanism could be: 1. When the FreedomBox boots, it checks if a certain file (together with a signature) is present on an attached USB drive. 2. If yes, and if the user enters their password, that file is executed and can update the box. So we could start shipping simple Privoxy+remoteStorage+PageKite boxes now, and in a year or so we could tell people to download the update file and stick it into their box.
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Tue, Jul 3, 2012 at 4:38 PM, Michiel de Jong mich...@unhosted.org wrote: On Tue, Jul 3, 2012 at 5:25 PM, Markus Sabadello mar...@projectdanube.org wrote: My understanding is that it would be a transparent proxy, i.e. it captures all connections. So you don't have to configure anything on the client devices, they get privoxyfied automatically if they use the FreedomBox wifi. OK, so do i understand correctly that the hardware we're targeting will emit a wifi signal? Presumably a person who buys a freedombox, already has a router at home with wifi and probably also between 1 and 4 ethernet sockets. How will they deploy the freedombox? link the freedombox and the router by ethernet (i guess that would dhcp without need for any config on most routers, right?), and reconfigure their laptop and phone to forget the old wifi network and start to use the new freedombox wifi? Hmm yeah I think that's how I imagined it. Of course then people would have 2 wifis, not sure if that's good or bad. Good, because I think it would easily work with the setup that most people have at home. Good also, because you can always choose to NOT use the FreedomBox. Bad, because it might be a more complex setup than it needs to be. Anyway I would be interested in Nick's opinion. Guess there is some overlap with the other thread here (FreedomBox as home router). Idealistic as it may be, I don't think the open WiFi movement is appealing hm, it was worth a try ;) So we could start shipping simple Privoxy+remoteStorage+PageKite boxes now, and in a year or so we could tell people to download the update file and stick it into their box. sounds like a plan to me :)
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Mon, 2 Jul 2012 06:10:43 +0300, Michiel de Jong mich...@unhosted.org wrote: If you need help integrating it into the Freedom-Maker repository, so it's installed out of the box, I'd be more than happy to lend a hand. That would be very neat to see working. Cool, thanks! looking at http://anonscm.debian.org/gitweb/?p=freedombox/freedom-maker.git;a=tree it seems to currently have just the OS, right? And reading http://freedomboxfoundation.org/code/ it seems that apart from that, privoxy and plinth are already on there. Where exactly should we add ownCloud (or pyUnhosted, if the lamp stack is too heavy) into that? Er, kinda. I've been committing to my own copy of the freedom-maker tree [0], and including Plinth [1] and FreedomBox-Privoxy [2] in the constructed image manually. Look at freedom-maker/mk_dreamplug_rootfs. You can add ownCloud / pyUnhosted there, or you can wait until this weekend when I've cleaned up the mk_dreamplug_rootfs file further. That's kind of my project for this week: clean up freedom-maker as best I can, so it's easy to build upon. Has there been a decision about whether pagekite and owncloud should be added to the image? As i said on another thread, i think we should either choose to use Tor (probably with exit-node functionality disabled by default), or not to use Tor. Has there been a decision about that? If not, then now might be as good a time as ever to make a few of those decisions. Even if it's just to officially decide that we will simply do both versions (one with Tor and one without). I'd *love* to see Tor and PageKite in the default image. I don't know if there'll be time/expertise to get Tor into the image before EOY, but we should be able to include PageKite, if nothing else. Bjarni's two line install instructions are confounding! 
:) Nick 0: http://github.com/nickdaly/freedom-maker 1: http://github.com/nickdaly/plinth 2: http://github.com/nickdaly/freedombox-privoxy
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 30 June 2012 14:07, Markus Sabadello markus.sabade...@gmail.com wrote: To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already. There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. It would help show the public that FreedomBox is real.. Thanks for the response. A couple of questions about the proposal: Is the idea here to save your own data (ie remote storage) on your freedom box? Would a minimal viable product, to demo FreedomBox, need to contain some kind of social network? Markus On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote: Heya, So back in May, when I did a FreedomBox-related demo <http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/> at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize <https://www.accessnow.org/prize> where you can win $20k. So Michiel of Unhosted, Bjarni of PageKite, and myself have decided to submit a proposal, which would include building a simple FreedomBox prototype that runs an Unhosted remoteStorage component and PageKite to make it accessible from the open web. Also, the idea is to try integrate FreedomBox with the local FunkFeuer community mesh network in Vienna. 
We haven't submitted the proposal yet (deadline is August 15th), but here's the current text we're working on: http://projectdanube.pbworks.com/w/page/54796496/Access%20Innovation%20Prize%202012 Basically, the idea is that you could use any Unhosted-enabled web application out there, and your data remains on your FreedomBox. I know that on the other thread there's a discussion about leadership and about joining in. I had all these questions too since I started working with FreedomBox, e.g. when I did demos, I wasn't sure to what extent I could speak officially about FreedomBox, how I could get involved, etc. In light of current criticism and allegations of vaporware, I think the answer is simply that everybody with ideas and resources should try to get something done in whatever way works. Anyway, so if we win the prize, then this could serve a few purposes.. 1. The three of us would have some $$$ to actively work and contribute to the FreedomBox at least for a little while. 2. The stuff we would work on (putting Unhosted and PageKite on the box) seems to align well with the DropBox Replacement idea that has been floating around. 3. We would have an actual (limited functionality, but working) FreedomBox, and a minimal viable product that can be demo'd at conferences. 4. The prize would mean a PR boost for the involved projects. What do you think..? Will there be a debian package for this prototype? 
Markus -- Project Danube: http://projectdanube.org Personal Data Ecosystem Consortium: http://personaldataecosystem.org/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 1 July 2012 19:44, Markus Sabadello markus.sabade...@gmail.com wrote: Yes, having your own data on the FreedomBox via remoteStorage is exactly the core of the proposal. That, plus potentially integration with the FunkFeuer community wireless network in Vienna. Okay I have to say this.. We haven't submitted the proposal yet. If for some reason this is not a good idea, if this looks like an attempt to hijack FreedomBox, or capitalize on it, or anything like that, if there already is some sort of relationship between FreedomBox and Access that makes this proposal pointless, then we don't have to submit it. It was just an idea we came up with. It would effectively show ONE thing the FreedomBox could do (out of many ideas <http://lists.alioth.debian.org/pipermail/freedombox-discuss/2012-May/003867.html>, including social networking). It would show how different projects (FreedomBox, Unhosted, PageKite, FunkFeuer) could complement each other. I think we should at least wait until the hackfest is over, maybe longer, before we submit it. Makes sense to wait for feedback from the hackfest. Storing my own data (on my own box) is something I find very interesting. But as far as I know I'm one of the only people that does that. I'm curious as to what solutions you might suggest for the data storage, and what features are available? ( personally I use data.fm ) Markus On Sun, Jul 1, 2012 at 6:57 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 14:07, Markus Sabadello markus.sabade...@gmail.com wrote: To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already. There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. 
It would help show the public that FreedomBox is real.. Thanks for the response. A couple of questions about the proposal: Is the idea here to save your own data (ie remote storage) on your freedom box? Would a minimal viable product, to demo FreedomBox, need to contain some kind of social network? Markus On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote: Heya, So back in May, when I did a FreedomBox-related demo <http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/> at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize <https://www.accessnow.org/prize> where you can win $20k. So Michiel of Unhosted, Bjarni of PageKite, and myself have decided to submit a proposal, which would include building a simple FreedomBox prototype that runs an Unhosted remoteStorage component and PageKite to make it accessible from the open web. Also, the idea is to try integrate FreedomBox with the local FunkFeuer community mesh network in Vienna. We haven't submitted the proposal yet (deadline is August 15th), but here's the current text we're working on: http://projectdanube.pbworks.com/w/page/54796496/Access%20Innovation%20Prize%202012 Basically, the idea is that you could use any Unhosted-enabled web application out there, and your data remains on your FreedomBox. I know that on the other thread there's a discussion about leadership and about joining in. I had all these questions too since I started working with FreedomBox, e.g. when I did demos, I wasn't sure to what extent I could speak officially about FreedomBox, how I could get involved, etc. 
In light of current criticism and allegations of vaporware, I think the answer is simply that everybody with ideas and resources should try to get something done in whatever way works. Anyway, so if we win the prize, then this could serve a few purposes.. 1. The three of us would have some $$$ to actively work and contribute to the FreedomBox at least for a little while. 2. The stuff we would work on (putting Unhosted and PageKite on the box) seems to align well with the DropBox Replacement idea that has been floating around. 3. We would have an actual (limited functionality, but working) FreedomBox, and a minimal viable product that can be demo'd at conferences. 4. The prize would mean a PR boost for the involved projects. What do you think..? Will there be a debian package for this prototype? Markus -- Project Danube: http://projectdanube.org Personal Data Ecosystem Consortium: http://personaldataecosystem.org/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
IMO, applications support linked data, storage servers do not. Asking if a storage server supports linked data is a bit like asking whether a certain hard drive supports pdf. :) Having said that, there are always connotations, and that is probably what you are both referring to - so for instance, if you ask if the remoteStorage protocol supports ACLs based on client-side certificates, or SPARQL queries, the answer is no. We are however in the process of writing the data module for the client-side library (remoteStorage.js), and they will all use linked data at their core (specifically, json-ld). hth, Michiel On Mon, Jul 2, 2012 at 12:03 AM, Markus Sabadello markus.sabade...@gmail.com wrote: On Sun, Jul 1, 2012 at 8:27 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 1 July 2012 19:44, Markus Sabadello markus.sabade...@gmail.com wrote: Yes, having your own data on the FreedomBox via remoteStorage is exactly the core of the proposal. That, plus potentially integration with the FunkFeuer community wireless network in Vienna. Okay I have to say this.. We haven't submitted the proposal yet. If for some reason this is not a good idea, if this looks like an attempt to hijack FreedomBox, or capitalize on it, or anything like that, if there already is some sort of relationship between FreedomBox and Access that makes this proposal pointless, then we don't have to submit it. It was just an idea we came up with. It would effectively show ONE thing the FreedomBox could do (out of many ideas, including social networking). It would show how different projects (FreedomBox, Unhosted, PageKite, FunkFeuer) could complement each other. I think we should at least wait until the hackfest is over, maybe longer, before we submit it. Makes sense to wait for feedback from the hackfest. Storing my own data (on my own box) is something I find very interesting. But as far as I know I'm one of the only people that does that. 
I'm curious as to what solutions you might suggest for the data storage, and what features are available? ( personally I use data.fm ) Hmm we would want to be compatible with Unhosted's remoteStorage API, which does not include Linked Data. ownCloud might be an obvious option, but that's PHP. Bjarni wrote a simple implementation of remoteStorage in Python (here), which might fit in better with other Python-based FreedomBox components, but that's more limited than ownCloud. Please correct me if I'm wrong, but data.fm is read/write Linked Data and not compatible with Unhosted's remoteStorage, right? In any case, the FreedomBox will need a flexible storage API for the various apps that would run on it. Perhaps it could support ownCloud/remoteStorage on one hand, but also read/write Linked Data like data.fm, which would be like what WebBox is also all about, as I understand. Perhaps remoteStorage could be modified to also work with data.fm, I don't know that. Markus On Sun, Jul 1, 2012 at 6:57 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 14:07, Markus Sabadello markus.sabade...@gmail.com wrote: To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already. There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. It would help show the public that FreedomBox is real.. Thanks for the response. A couple of questions about the proposal: Is the idea here to save your own data (ie remote storage) on your freedom box? Would a minimal viable product, to demo FreedomBox, need to contain some kind of social network? 
Markus On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote: Heya, So back in May, when I did a FreedomBox-related demo at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize where you can win $20k. So Michiel of Unhosted, Bjarni of PageKite, and myself have decided to submit a proposal, which would include building a simple FreedomBox prototype that runs an Unhosted remoteStorage component and PageKite to make it accessible from the open web. Also, the idea is to try integrate FreedomBox with the local FunkFeuer community mesh network in Vienna. We haven't submitted the proposal yet (deadline is August 15th), but here's the current text we're working on: http://projectdanube.pbworks.com/w/page/54796496/Access%20Innovation%20Prize%202012 Basically, the idea is that you could use
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 1 July 2012 23:03, Markus Sabadello markus.sabade...@gmail.com wrote: On Sun, Jul 1, 2012 at 8:27 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 1 July 2012 19:44, Markus Sabadello markus.sabade...@gmail.com wrote: Yes, having your own data on the FreedomBox via remoteStorage is exactly the core of the proposal. That, plus potentially integration with the FunkFeuer community wireless network in Vienna. Okay I have to say this.. We haven't submitted the proposal yet. If for some reason this is not a good idea, if this looks like an attempt to hijack FreedomBox, or capitalize on it, or anything like that, if there already is some sort of relationship between FreedomBox and Access that makes this proposal pointless, then we don't have to submit it. It was just an idea we came up with. It would effectively show ONE thing the FreedomBox could do (out of many ideas <http://lists.alioth.debian.org/pipermail/freedombox-discuss/2012-May/003867.html>, including social networking). It would show how different projects (FreedomBox, Unhosted, PageKite, FunkFeuer) could complement each other. I think we should at least wait until the hackfest is over, maybe longer, before we submit it. Makes sense to wait for feedback from the hackfest. Storing my own data (on my own box) is something I find very interesting. But as far as I know I'm one of the only people that does that. I'm curious as to what solutions you might suggest for the data storage, and what features are available? ( personally I use data.fm ) Hmm we would want to be compatible with Unhosted's remoteStorage API, which does not include Linked Data. ownCloud might be an obvious option, but that's PHP. Bjarni wrote a simple implementation of remoteStorage in Python (here <https://github.com/pagekite/plugins-pyUnhosted>), which might fit in better with other Python-based FreedomBox components, but that's more limited than ownCloud. 
Please correct me if I'm wrong, but data.fm is read/write Linked Data and not compatible with Unhosted's remoteStorage, right? In any case, the FreedomBox will need a flexible storage API for the various apps that would run on it. Perhaps it could support ownCloud/remoteStorage on one hand, but also read/write Linked Data like data.fm, which would be like what WebBox is also all about, as I understand. Perhaps remoteStorage could be modified to also work with data.fm, I don't know that. I believe all of remotestorage, owncloud and data.fm support WebDAV, so that's perhaps a start. Freedombox has the advantage everyone using the standard package can have a pretty decent data store, rather than having to cater for many different providers. This means the lowest common denominator can be that much higher. Markus On Sun, Jul 1, 2012 at 6:57 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 14:07, Markus Sabadello markus.sabade...@gmail.com wrote: To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already. There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. It would help show the public that FreedomBox is real.. Thanks for the response. A couple of questions about the proposal: Is the idea here to save your own data (ie remote storage) on your freedom box? Would a minimal viable product, to demo FreedomBox, need to contain some kind of social network? 
Markus On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote: Heya, So back in May, when I did a FreedomBox-related demo <http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/> at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize <https://www.accessnow.org/prize> where you can win $20k. So Michiel of Unhosted, Bjarni of PageKite, and myself have decided to submit a proposal, which would include building a simple FreedomBox prototype that runs an Unhosted remoteStorage component and PageKite to make it accessible from the open web. Also, the idea is to try integrate FreedomBox with the local FunkFeuer community mesh network in Vienna. We haven't submitted the proposal yet (deadline is August 15th), but here's the current text we're working on: http://projectdanube.pbworks.com/w/page/54796496/Access%20Innovation%20Prize%202012 Basically, the idea is that you could use any Unhosted-enabled web application out there, and your
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 1 July 2012 23:40, Markus Sabadello markus.sabade...@gmail.com wrote: I guess one question is whether the FreedomBox should have SPARQL or some other semantic query language. Or is it good enough to simply be able to get/put entire Linked Data documents just like any other files. I would tend to say it would be nice to have both Makes sense, and any features the data store doesn't have, that people want, we can just patch It's much easier to roll out new features to freedombox, for example, than CouchDB Markus On Sun, Jul 1, 2012 at 11:23 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 1 July 2012 23:03, Markus Sabadello markus.sabade...@gmail.com wrote: On Sun, Jul 1, 2012 at 8:27 PM, Melvin Carvalho melvincarva...@gmail.com wrote: On 1 July 2012 19:44, Markus Sabadello markus.sabade...@gmail.com wrote: Yes, having your own data on the FreedomBox via remoteStorage is exactly the core of the proposal. That, plus potentially integration with the FunkFeuer community wireless network in Vienna. Okay I have to say this.. We haven't submitted the proposal yet. If for some reason this is not a good idea, if this looks like an attempt to hijack FreedomBox, or capitalize on it, or anything like that, if there already is some sort of relationship between FreedomBox and Access that makes this proposal pointless, then we don't have to submit it. It was just an idea we came up with. It would effectively show ONE thing the FreedomBox could do (out of many ideas <http://lists.alioth.debian.org/pipermail/freedombox-discuss/2012-May/003867.html>, including social networking). It would show how different projects (FreedomBox, Unhosted, PageKite, FunkFeuer) could complement each other. I think we should at least wait until the hackfest is over, maybe longer, before we submit it. Makes sense to wait for feedback from the hackfest. Storing my own data (on my own box) is something I find very interesting. But as far as I know I'm one of the only people that does that. 
I'm curious as to what solutions you might suggest for the data storage, and what features are available? ( personally I use data.fm )

Hmm we would want to be compatible with Unhosted's remoteStorage API, which does not include Linked Data. ownCloud might be an obvious option, but that's PHP. Bjarni wrote a simple implementation of remoteStorage in Python (here <https://github.com/pagekite/plugins-pyUnhosted>), which might fit in better with other Python-based FreedomBox components, but that's more limited than ownCloud.

Please correct me if I'm wrong, but data.fm is read/write Linked Data and not compatible with Unhosted's remoteStorage, right? In any case, the FreedomBox will need a flexible storage API for the various apps that would run on it. Perhaps it could support ownCloud/remoteStorage on one hand, but also read/write Linked Data like data.fm, which would be like what WebBox is also all about, as I understand. Perhaps remoteStorage could be modified to also work with data.fm, I don't know that.

I believe all of remotestorage, owncloud and data.fm support WebDAV, so that's perhaps a start. Freedombox has the advantage everyone using the standard package can have a pretty decent data store, rather than having to cater for many different providers. This means the lowest common denominator can be that much higher.

Markus

On Sun, Jul 1, 2012 at 6:57 PM, Melvin Carvalho melvincarva...@gmail.com wrote:

On 30 June 2012 14:07, Markus Sabadello markus.sabade...@gmail.com wrote:

To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already. There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. It would help show the public that FreedomBox is real..
Thanks for the response. A couple of questions about the proposal: Is the idea here to save your own data (i.e. remote storage) on your freedom box? Would a minimal viable product, to demo FreedomBox, need to contain some kind of social network?

Markus

On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote:

On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote:

Heya, So back in May, when I did a FreedomBox-related demo <http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/> at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize <https://www.accessnow.org/prize> where you can win $20k. So Michiel of Unhosted,
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On Sat, 30 Jun 2012 13:03:59 +0200, Markus Sabadello wrote:

They are now calling for proposals for the Access Innovation Prize https://www.accessnow.org/prize where you can win $20k. ...Basically, the idea is that you could use any Unhosted-enabled web application out there, and your data remains on your FreedomBox... What do you think..?

If you need help integrating it into the Freedom-Maker repository, so it's installed out of the box, I'd be more than happy to lend a hand. That would be very neat to see working.

Nick

___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote:

Heya,

So back in May, when I did a FreedomBox-related demo <http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/> at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize <https://www.accessnow.org/prize> where you can win $20k.

So Michiel of Unhosted, Bjarni of PageKite, and myself have decided to submit a proposal, which would include building a simple FreedomBox prototype that runs an Unhosted remoteStorage component and PageKite to make it accessible from the open web. Also, the idea is to try to integrate FreedomBox with the local FunkFeuer community mesh network in Vienna.

We haven't submitted the proposal yet (deadline is August 15th), but here's the current text we're working on: http://projectdanube.pbworks.com/w/page/54796496/Access%20Innovation%20Prize%202012

Basically, the idea is that you could use any Unhosted-enabled web application out there, and your data remains on your FreedomBox.

I know that on the other thread there's a discussion about leadership and about joining in. I had all these questions too since I started working with FreedomBox, e.g. when I did demos, I wasn't sure to what extent I could speak officially about FreedomBox, how I could get involved, etc. In light of current criticism and allegations of vaporware, I think the answer is simply that everybody with ideas and resources should try to get something done in whatever way works.

Anyway, so if we win the prize, then this could serve a few purposes..

1. The three of us would have some $$$ to actively work and contribute to the FreedomBox at least for a little while.
2. The stuff we would work on (putting Unhosted and PageKite on the box) seems to align well with the DropBox Replacement idea that has been floating around.
3. We would have an actual (limited functionality, but working) FreedomBox, and a minimal viable product that can be demo'd at conferences.
4. The prize would mean a PR boost for the involved projects.

What do you think..?

Will there be a debian package for this prototype?

Markus
--
Project Danube: http://projectdanube.org
Personal Data Ecosystem Consortium: http://personaldataecosystem.org/
Re: [Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
To be honest, I have never built a Debian package nor am I deeply familiar with the process. But all the pieces we're considering have Debian packages, i.e. PageKite, OLSRd, and for Unhosted there is OwnCloud, which has been considered a number of times on this list already.

There really isn't much new about the proposal, just to help assemble a few things to the point where they can be demo'd at events and understood by end-users. It would help show the public that FreedomBox is real..

Markus

On Sat, Jun 30, 2012 at 1:49 PM, Melvin Carvalho melvincarva...@gmail.com wrote:

On 30 June 2012 13:03, Markus Sabadello mar...@projectdanube.org wrote:

Heya,

So back in May, when I did a FreedomBox-related demo <http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/> at the Internet Identity Workshop, I was made aware of the Access movement, which hosted the recent RightsCon and is also doing a lot of other great work. They are now calling for proposals for the Access Innovation Prize <https://www.accessnow.org/prize> where you can win $20k.

So Michiel of Unhosted, Bjarni of PageKite, and myself have decided to submit a proposal, which would include building a simple FreedomBox prototype that runs an Unhosted remoteStorage component and PageKite to make it accessible from the open web. Also, the idea is to try to integrate FreedomBox with the local FunkFeuer community mesh network in Vienna.

We haven't submitted the proposal yet (deadline is August 15th), but here's the current text we're working on: http://projectdanube.pbworks.com/w/page/54796496/Access%20Innovation%20Prize%202012

Basically, the idea is that you could use any Unhosted-enabled web application out there, and your data remains on your FreedomBox.

I know that on the other thread there's a discussion about leadership and about joining in. I had all these questions too since I started working with FreedomBox, e.g. when I did demos, I wasn't sure to what extent I could speak officially about FreedomBox, how I could get involved, etc. In light of current criticism and allegations of vaporware, I think the answer is simply that everybody with ideas and resources should try to get something done in whatever way works.

Anyway, so if we win the prize, then this could serve a few purposes..

1. The three of us would have some $$$ to actively work and contribute to the FreedomBox at least for a little while.
2. The stuff we would work on (putting Unhosted and PageKite on the box) seems to align well with the DropBox Replacement idea that has been floating around.
3. We would have an actual (limited functionality, but working) FreedomBox, and a minimal viable product that can be demo'd at conferences.
4. The prize would mean a PR boost for the involved projects.

What do you think..?

Will there be a debian package for this prototype?

Markus
--
Project Danube: http://projectdanube.org
Personal Data Ecosystem Consortium: http://personaldataecosystem.org/