[Freedombox-discuss] Santiago Updates
James Vasile
vasile at freedomboxfoundation.org
Mon Mar 5 00:56:43 UTC 2012
Excellent work, Nick!
On Sun, 04 Mar 2012 18:11:41 -0600, Nick M. Daly <nick.m.daly at gmail.com> wrote:
> Hi folks, just wanted to send out updates on what I accomplished with
> Santiago this weekend. Consider this both a status update and a request
> for help. If this strikes you as interesting, feel free to jump in.
>
> Santiago sits at [0], on the "santiago" branch. Santiago, as James
> mentioned in the hackfest update, tries to be a hard-to-discover
> service-discovery tool, making it easier for friends to advertise
> services to one another, privately.
>
> There were a lot of changes this weekend. The previous system
> (immediately after the hackfest) was nothing more than a technical demo,
> showing how the data were stored and accessed. This time around,
> Santiago's starting to grow some legs. I've separated the different
> objects into their roles, though I'm not completely sure everything is
> broken out correctly. We also have a service-building API, so it's now
> testable.
>
> If you have code or ideas to contribute to any of the following,
> *please* do so. These
>
> Immediate TODOs:
>
> - Consider changing message contents. Do we include meta-information in
> the replies to reduce the number of sent messages overall? Is sending
> data that can identify a single Santiago port to the recipient a
> greater risk than sending out many more messages per request, while
> keeping the responder hidden?
Data that can ID the owner of a Santiago port should be withheld until
the client hitting the port has authenticated and is allowed to know the
ID. We need an ACL system for that.
>
> - Build out unit tests to verify the system's behavior. Since every
> setting no longer depends on magic config files, it's now unit
> testable. Thank Pete (or your preferred deity).
>
> - Store and load the data from FileDict objects correctly. James, I'll
> have to ask you about that, I'm getting weird threading errors that
> are probably due to building this outside of the main Plinth system.
Let's confer on those. Are you using my withsqlite package for the file
dict?
>
> - Verify and decrypt incoming messages. You know, actually implement
> the PGP part that's the whole point of this exercise.
>
> Near TODOs:
>
> - Actually send replies to the recipient's Santiago.
>
> - Build a non-HTTP protocol.
This interests me. What do you have in mind here?
>
> Far TODOs:
>
> - Add message queuing?
>
> - Add service expiry?
>
> - Add process separation?
>
> - Add really weird protocols.
>
> Once all the immediate and the first of the near TODOs are complete,
> this'll be ready to deploy as a testing tool. I would prefer end-users
> stay away from it until the message queuing is worked out, but the worst
> that *should* happen is that the Santiago process (and the plug it's
> running on) are (D)DOSed, which will be inconvenient, but not harmful.
> Until the PGP encryption and signature verification are in, this may be
> very harmful.
In thinking about FreedomBox, some of us have quietly assumed that if we
have to draw a line in the sand on vulnerability, DDoS is a good line.
At any point, if the worst that can happen is DDoS, that might be
acceptable.
>
> Thanks for your time,
> Nick
>
> 0: https://github.com/NickDaly/Plinth
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
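
An added example, not part of the original thread and not Santiago's code: a sketch of the ACL idea raised in the reply above, where identifying data is returned only after the requester has authenticated and is listed for that service. All names and data are hypothetical, and an HMAC over a shared key stands in for the PGP signature check the thread plans to implement.

```python
import hashlib
import hmac

# Constructed sample data; none of these names come from Santiago.
OWNER_ID = "OWNER-FINGERPRINT-PLACEHOLDER"
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}  # stand-in for PGP keys
ACL = {"wiki": {"alice"}}            # service -> requesters allowed to learn owner/location
SERVICES = {"wiki": "https://wiki.example.invalid/"}
GENERIC_REPLY = {"status": "ok"}     # what everyone else sees


def _mac(key, requester, service):
    message = f"{requester}|{service}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def sign(requester, service):
    """Client-side helper: produce the stand-in signature for a request."""
    return _mac(KEYS[requester], requester, service)


def authenticate(requester, service, signature):
    """True only if the signature matches a key we hold for this requester."""
    key = KEYS.get(requester)
    if key is None:
        return False
    # Constant-time comparison avoids leaking how much of the value matched.
    return hmac.compare_digest(_mac(key, requester, service), signature)


def handle_request(requester, service, signature):
    """Release identifying data only to authenticated, ACL-listed requesters."""
    allowed = (
        authenticate(requester, service, signature)
        and requester in ACL.get(service, set())
        and service in SERVICES
    )
    if not allowed:
        # Bad signature, unknown requester, unknown service and ACL denial all
        # get the same reply, so the response does not reveal who runs this
        # port or which services it knows about.
        return dict(GENERIC_REPLY)
    return {
        "status": "ok",
        "owner": OWNER_ID,
        "service": service,
        "location": SERVICES[service],
    }
```

Replay protection (a nonce or timestamp inside the signed message) is outside the scope of this sketch.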