[Freedombox-discuss] The FB Base system

Bjarni Rúnar Einarsson bre at beanstalks-project.net
Mon Oct 11 10:41:37 UTC 2010 

On Mon, Oct 11, 2010 at 8:51 AM, Christian Brædstrup <
linuxchristian at gmail.com> wrote:

>
> 2010/10/11 Melvin Carvalho melvincarvalho at gmail.com
>
> Any thoughts on a DynDNS system?  Eben Moglen talked about this ...
>> probably something to go with the base?
>>
>
> Good point. There should be some kind of DynDNS system in the base perhaps
> along with the Tor based network some of the other guys are talking about. I
> don't know what the base solution would be. Perhaps including PageKite in
> the base and modifying the server to block external IP's to the web
> interface as standart? The system is still in a very early alpha but perhaps
> it would be a great solution for the future. Bjarni what is your view on
> that? I think you are the best person to answer that :)
>

Cool, other people doing my advocacy for me!

PageKite is built around the idea that people will almost certainly want to
run publicly visible servers on plug computers or other personal devices
(including mobile ones). Eben mentioned dynamic DNS as a way to make this
work, but in my experience dynamic DNS alone is insufficient. In addition to
the DNS issues, today you also have to reconfigure routers (hard for
non-techies, and hard for me because my ISP gave me a locked-down router) -
and making stuff like this work on a mobile device which changes networks
frequently is basically a lost cause. Also, if FreedomBoxes really do become
the revolution that we aim for, we should expect multiple f-boxes behind the
same router - sharing a single IP. Running services in that environment is
decidedly nontrivial.

Enter PageKite: somewhere there is a front-end PageKite server with a public
IP, and your PageKite back-end connects to it whenever it has a network
connection, creating a persistent TCP/IP tunnel. The back-end then uses
common dynamic DNS to direct public Internet traffic to the front-end, which
then proxies any requests over the tunnel to the back-end. The back-end then
connects, just like a normal reverse-proxy, to your local web-server,
SMTP-server, or whatever it was you wanted to expose to the wider Internet.

The free-software PageKite implementation includes both the back-end and the
front-end. So people can mix and match front-end providers (your friend
could run one for you) and dynamic DNS providers. My company will be a
one-stop-shop for getting up and running (names for sale, sub-domains for
free, dynamic DNS and fast, managed, geographically distributed front-ends),
but there is no lock-in - others can run front-ends and the back-end already
has (untested) support for the protocol used by DynDNS and No-IP.com.

The alpha  (which people are welcome to volunteer to help test) currently
supports HTTP and HTTPS (end-to-end, PageKite doesn't need to decrypt the
packets it just looks at the SNI header), and I plan support for XMPP,
incoming SMTP (not outgoing or relayed, due to spam issues) and
content-agnostic dynamically allocated high ports as well.

Note that not all protocols can be supported - only ones where the front-end
can do "name-based" virtual hosting to choose which back-end to send traffic
to. So things like SSH or TLS-encrypted IMAP won't work without
modifications.

I don't see this as a replacement for tor or other truly decentralized,
anonymous routing systems. This is solving a different problem, providing
compatibility with the existing protocols and letting people use a
FreedomBox to openly share with the public Internet. I think a lot of people
want to be able to do that.

For obvious reasons I would love for this tech to go in the base image. I'm
not exactly impartial though, so I'm bit shy about arguing the point too
strongly - but I do really believe it can solve a huge issue for the
FreedomBox.

I'm happy to answer any technical questions in more detail, and happy to let
people try things out. I hope to open up for public testing and make an
initial public release of the software in about a month.  The PageKite intro
I posted to my company blog is here:
http://beanstalks-project.net/2010-09-21/Beanstalks_technology_preview

-- 
Bjarni R. Einarsson
Founder, CEO and janitor of the Beanstalks Project.

http://beanstalks-project.net/  ~  http://bre.klaki.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20101011/10ce0d5d/attachment-0001.htm>

More information about the Freedombox-discuss mailing list