Redecentralize

We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.

We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.

David Geib [LibreList] Re: [redecentralize] snow: a new distributed secure virtual network 2014-07-04 15:48:55
> Thank you. The firewall is an obsolete and ineffective security hack that needs to die. Apps and OSes should be secure. OSes should implement app and service isolation properly. Authentication should be done with crypto.

That's the idea with this project. Make it as simple as possible to securely communicate with any device. All you need is the name because the key names are self-authenticating which means they can be used to bootstrap authentication of other information like the endpoint's current IP address, and this can all be done transparently by the snow daemon so it doesn't have to be reimplemented by every other application.

I just have to figure out how to get people to try it. So far nobody. I think the "compile it from source" thing is putting people off. It's not actually that hard, basically just install Debian, paste the commands from the instructions into a terminal and edit a couple of config files. Or maybe people are just too busy with hotdogs and fireworks today. I'm not sure the symbolism of the arbitrary deadline I set for releasing this has gone in my favor.


On Fri, Jul 4, 2014 at 2:06 PM, Adam Ierymenko <adam.ierymenko@zerotier.com> wrote:

Q: OMFG THE NAT IS THE FIREWALL YOU BROKE IT THE FIREWALL!!1
A: Please remain calm. Each device being addressable from one another is the way the Internet was designed to work and is the way IPv6 works, so this is something you will want to adjust to rather than resist. You will likely want to employ some kind of endpoint firewall, e.g. iptables on Linux. It is possible to identify traffic from snow based on the IP address range your device uses for it.

Hah!

Thank you. The firewall is an obsolete and ineffective security hack that needs to die. Apps and OSes should be secure. OSes should implement app and service isolation properly. Authentication should be done with crypto.

On Jul 4, 2014, at 10:59 AM, David Geib <trustiosity.zrm@gmail.com> wrote:

I released a development version of a new piece of software today that may be of interest to this list. If anyone is willing to try it and provide comments or bug reports it would be appreciated.
https://github.com/zrm/snow
