librelist archives

« back to archive

GNU Internet Stack / youbroketheinternet.org

GNU Internet Stack / youbroketheinternet.org

From:
Benjamin Heitmann
Date:
2013-12-29 @ 18:08
Hello there, 

I found this via the 30C3 coverage, its very relevant,
however I did not see it mentioned here, so I thought I would share it:

http://youbroketheinternet.org/

encourages projects to make a new internet stack from low level 
infrastructure all the way up to 
end user applications. 

I wanted to attached is a picture which assigns various projects to 
different levels of the stack, 
but the picture is too big.. ;)

All in all a very interesting umbrella project.

cheers, Benjamin. 


-- 
Benjamin Heitmann, BSc, MSc
PhD Researcher
Unit for Information Mining and Retrieval (UIMR)
Digital Enterprise Research Institute (DERI)
NUI Galway, Ireland

publications and slides: 
http://www.deri.ie/about/team/member/benjamin_heitmann/ 
http://www.slideshare.net/metaman/ 
https://www.researchgate.net/profile/Benjamin_Heitmann/

public PGP key available at: http://keys.gnupg.net/

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
Eric Mill
Date:
2013-12-29 @ 20:26
I'm really glad this is happening - for one, it's incredibly educational
for me, a mere web developer who has never written a line of C
professionally. And even that chart is helpful in focusing people's
attention.

The one thing that rubs me the wrong way is lumping in JSON and XML as
things that have to be replaced with a "smarter" protocol,
PSYC<http://about.psyc.eu/>.
Why is this in here? JSON is an open, simple, intentionally dumb format
that is ubiquitous and incredibly useful. It certainly has downsides! But
there's a reason Protocol Buffers <https://code.google.com/p/protobuf/> hasn't
taken over the world, which is that it requires more upfront investment of
time and complexity, is more rigid, etc.

I don't know, I don't want to criticize a great effort over maybe a small
thing, but it's already asking developers to start over on a number of
things. If the effort wants to gain traction, maybe consider taking one of
the successful, ownerless, omnipresent protocols we've managed to converge
on and build on top of it. Pick your battles!


On Sun, Dec 29, 2013 at 1:08 PM, Benjamin Heitmann <
benjamin.heitmann@deri.org> wrote:

> Hello there,
>
> I found this via the 30C3 coverage, its very relevant,
> however I did not see it mentioned here, so I thought I would share it:
>
> http://youbroketheinternet.org/
>
> encourages projects to make a new internet stack from low level
> infrastructure all the way up to
> end user applications.
>
> I wanted to attached is a picture which assigns various projects to
> different levels of the stack,
> but the picture is too big.. ;)
>
> All in all a very interesting umbrella project.
>
> cheers, Benjamin.
>
>
> --
> Benjamin Heitmann, BSc, MSc
> PhD Researcher
> Unit for Information Mining and Retrieval (UIMR)
> Digital Enterprise Research Institute (DERI)
> NUI Galway, Ireland
>
> publications and slides:
> http://www.deri.ie/about/team/member/benjamin_heitmann/
> http://www.slideshare.net/metaman/
> https://www.researchgate.net/profile/Benjamin_Heitmann/
>
> public PGP key available at: http://keys.gnupg.net/
>
>


-- 
konklone.com | @konklone <https://twitter.com/konklone>

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
Francis Irving
Date:
2013-12-30 @ 01:49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wow, that's a pretty hardcore diagram!

Any key projects on it that are missing from this list?
https://github.com/redecentralize/alternative-internet

Francis

On Sun, Dec 29, 2013 at 06:08:24PM +0000, Benjamin Heitmann wrote:
> Hello there, 
> 
> I found this via the 30C3 coverage, its very relevant,
> however I did not see it mentioned here, so I thought I would share it:
> 
> http://youbroketheinternet.org/
> 
> encourages projects to make a new internet stack from low level 
infrastructure all the way up to 
> end user applications. 
> 
> I wanted to attached is a picture which assigns various projects to 
different levels of the stack, 
> but the picture is too big.. ;)
> 
> All in all a very interesting umbrella project.
> 
> cheers, Benjamin. 
> 
> 
> -- 
> Benjamin Heitmann, BSc, MSc
> PhD Researcher
> Unit for Information Mining and Retrieval (UIMR)
> Digital Enterprise Research Institute (DERI)
> NUI Galway, Ireland
> 
> publications and slides: 
> http://www.deri.ie/about/team/member/benjamin_heitmann/ 
> http://www.slideshare.net/metaman/ 
> https://www.researchgate.net/profile/Benjamin_Heitmann/
> 
> public PGP key available at: http://keys.gnupg.net/
> 



- -- 
Do *you* have an awesome idea you never quite manage to do? 
http://www.awesomefoundation.org/en/chapters/liverpool/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)

iEYEARECAAYFAlLA0ScACgkQhRiKo+HhcsDhRACfRCwVZumd3gxZcffzxGjJQ+B8
4agAoIRkz1+rNCm1lN5T6s6S9pUc/XUx
=Lppo
-----END PGP SIGNATURE-----

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
Paul Frazee
Date:
2013-12-30 @ 03:46
No kidding about the diagram.

Interesting statement on http://youbroketheinternet.org/map

Because the web browser is so overladen with surveillance functionality
> such as cookies, invisible counters, e-tags and plenty of Javascript doing
> what the server tells it to. Now comes WebRTC which relies on web servers
> for authentication and thus enables them to run a man in the middle attack,
> and AJAX, which took off as the foundation of the web 2.0 and landed as a
> surveillance tool. Should we want to do web-based user interfaces, we'll
> have to use a custom browser with disabled HTTP support.


I'm not sure they justify dropping HTTP support.  Aren't these issues with
the access policies in the browser? I'm slow to let go of the legacy and
relative simplicity when incremental fixes are still possible.

They also knock on X.509 and DNS in that page. There's been some talk about
namecoin. Anybody follow that closely enough to comment?

Regarding WebRTC's MITM vulnerability, I wonder about using
http://www.w3.org/TR/WebCryptoAPI/ someday to do client certs, though
tcpacek's FUD about client-side crypto is hard to ignore. Any counter
thoughts?


On Sun, Dec 29, 2013 at 7:49 PM, Francis Irving <francis@flourish.org>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Wow, that's a pretty hardcore diagram!
>
> Any key projects on it that are missing from this list?
> https://github.com/redecentralize/alternative-internet
>
> Francis
>
> On Sun, Dec 29, 2013 at 06:08:24PM +0000, Benjamin Heitmann wrote:
> > Hello there,
> >
> > I found this via the 30C3 coverage, its very relevant,
> > however I did not see it mentioned here, so I thought I would share it:
> >
> > http://youbroketheinternet.org/
> >
> > encourages projects to make a new internet stack from low level
> infrastructure all the way up to
> > end user applications.
> >
> > I wanted to attached is a picture which assigns various projects to
> different levels of the stack,
> > but the picture is too big.. ;)
> >
> > All in all a very interesting umbrella project.
> >
> > cheers, Benjamin.
> >
> >
> > --
> > Benjamin Heitmann, BSc, MSc
> > PhD Researcher
> > Unit for Information Mining and Retrieval (UIMR)
> > Digital Enterprise Research Institute (DERI)
> > NUI Galway, Ireland
> >
> > publications and slides:
> > http://www.deri.ie/about/team/member/benjamin_heitmann/
> > http://www.slideshare.net/metaman/
> > https://www.researchgate.net/profile/Benjamin_Heitmann/
> >
> > public PGP key available at: http://keys.gnupg.net/
> >
>
>
>
> - --
> Do *you* have an awesome idea you never quite manage to do?
> http://www.awesomefoundation.org/en/chapters/liverpool/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (Darwin)
>
> iEYEARECAAYFAlLA0ScACgkQhRiKo+HhcsDhRACfRCwVZumd3gxZcffzxGjJQ+B8
> 4agAoIRkz1+rNCm1lN5T6s6S9pUc/XUx
> =Lppo
> -----END PGP SIGNATURE-----
>

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
Francis Irving
Date:
2013-12-30 @ 11:42
My instinct is that long game, they're right and HTTP is fatally
flawed. 

It is a fundamentally centralizing protocol - the domain in a URL is
both the name of the resource *and* the place you go to get that
resource.

Short term is another matter. There are lots of incremental things
people can and should do now.


The dig at WebRTC is uncalled for - yes, right now you have to have
some other identity system to use it, and that is necessarily
central. But it's an open standard, pluggable compontent that can be
used in lots of ways. 

If you have some other decentralized identification system, you can 
then use WebRTC on top of it somehow later.

Francis

On Sun, Dec 29, 2013 at 09:46:31PM -0600, Paul Frazee wrote:
> No kidding about the diagram.
> 
> Interesting statement on http://youbroketheinternet.org/map
> 
> Because the web browser is so overladen with surveillance functionality
> > such as cookies, invisible counters, e-tags and plenty of Javascript doing
> > what the server tells it to. Now comes WebRTC which relies on web servers
> > for authentication and thus enables them to run a man in the middle attack,
> > and AJAX, which took off as the foundation of the web 2.0 and landed as a
> > surveillance tool. Should we want to do web-based user interfaces, we'll
> > have to use a custom browser with disabled HTTP support.
> 
> 
> I'm not sure they justify dropping HTTP support.  Aren't these issues with
> the access policies in the browser? I'm slow to let go of the legacy and
> relative simplicity when incremental fixes are still possible.
> 
> They also knock on X.509 and DNS in that page. There's been some talk about
> namecoin. Anybody follow that closely enough to comment?
> 
> Regarding WebRTC's MITM vulnerability, I wonder about using
> http://www.w3.org/TR/WebCryptoAPI/ someday to do client certs, though
> tcpacek's FUD about client-side crypto is hard to ignore. Any counter
> thoughts?
> 
> 
> On Sun, Dec 29, 2013 at 7:49 PM, Francis Irving <francis@flourish.org>wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Wow, that's a pretty hardcore diagram!
> >
> > Any key projects on it that are missing from this list?
> > https://github.com/redecentralize/alternative-internet
> >
> > Francis
> >
> > On Sun, Dec 29, 2013 at 06:08:24PM +0000, Benjamin Heitmann wrote:
> > > Hello there,
> > >
> > > I found this via the 30C3 coverage, its very relevant,
> > > however I did not see it mentioned here, so I thought I would share it:
> > >
> > > http://youbroketheinternet.org/
> > >
> > > encourages projects to make a new internet stack from low level
> > infrastructure all the way up to
> > > end user applications.
> > >
> > > I wanted to attached is a picture which assigns various projects to
> > different levels of the stack,
> > > but the picture is too big.. ;)
> > >
> > > All in all a very interesting umbrella project.
> > >
> > > cheers, Benjamin.
> > >
> > >
> > > --
> > > Benjamin Heitmann, BSc, MSc
> > > PhD Researcher
> > > Unit for Information Mining and Retrieval (UIMR)
> > > Digital Enterprise Research Institute (DERI)
> > > NUI Galway, Ireland
> > >
> > > publications and slides:
> > > http://www.deri.ie/about/team/member/benjamin_heitmann/
> > > http://www.slideshare.net/metaman/
> > > https://www.researchgate.net/profile/Benjamin_Heitmann/
> > >
> > > public PGP key available at: http://keys.gnupg.net/
> > >
> >
> >
> >
> > - --
> > Do *you* have an awesome idea you never quite manage to do?
> > http://www.awesomefoundation.org/en/chapters/liverpool/
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.12 (Darwin)
> >
> > iEYEARECAAYFAlLA0ScACgkQhRiKo+HhcsDhRACfRCwVZumd3gxZcffzxGjJQ+B8
> > 4agAoIRkz1+rNCm1lN5T6s6S9pUc/XUx
> > =Lppo
> > -----END PGP SIGNATURE-----
> >

-- 
Do *you* have an awesome idea you never quite manage to do? 
http://www.awesomefoundation.org/en/chapters/liverpool/

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
MikedePlume
Date:
2014-01-01 @ 11:50
On Mon, 2013-12-30 at 11:42 +0000, Francis Irving wrote:
> My instinct is that long game, they're right and HTTP is fatally
> flawed. 
> 
> It is a fundamentally centralizing protocol - the domain in a URL is
> both the name of the resource *and* the place you go to get that
> resource.
> 
> Short term is another matter. There are lots of incremental things
> people can and should do now.
> 

I really can't tell, but this might be relevant here.  Can anyone
interpret the short-form intro?

https://github.com/InstantWebP2P/node-httpp/wiki/An-introduction-to-node-httpp

Mike S.

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
Richard Marr
Date:
2014-01-05 @ 11:35
I don't *think* it's relevant. Could be wrong though.

This project enables UDP as a replacement for TCP to try and squeeze out
some performance gains (TCP provides some reliability checks that UDP
doesn't care about and those checks cost time). They'd then run HTTP and
HTTPS at the application level as before... IP+UDP+HTTP rather than
IP+TCP+HTTP.


On 1 January 2014 11:50, MikedePlume <mike@mikedeplume.com> wrote:

> On Mon, 2013-12-30 at 11:42 +0000, Francis Irving wrote:
> > My instinct is that long game, they're right and HTTP is fatally
> > flawed.
> >
> > It is a fundamentally centralizing protocol - the domain in a URL is
> > both the name of the resource *and* the place you go to get that
> > resource.
> >
> > Short term is another matter. There are lots of incremental things
> > people can and should do now.
> >
>
> I really can't tell, but this might be relevant here.  Can anyone
> interpret the short-form intro?
>
>
> https://github.com/InstantWebP2P/node-httpp/wiki/An-introduction-to-node-httpp
>
> Mike S.
>
>


-- 
Richard Marr

Re: [redecentralize] GNU Internet Stack / youbroketheinternet.org

From:
Paul Frazee
Date:
2013-12-30 @ 17:45
You may be right. I need to see how the alternatives perform in real
use-cases. I think it'll be difficult to make feature parity with HTTP from
greenfield projects, which is why I'm skeptical. For instance, GNUnet's
protocol is restricted to file-sharing, while HTTP can do file sharing,
social networking, video-streaming, etc with dynamic backends. So I'm
inclined to say, keep HTTP, improve on its usage model, then mix in new
protocols like GNUnet that HTTP absolutely can't mimic.

Regarding WebRTC, the central dependency is signal routing and IP
discovery. You can distribute that system with lots of HTTPS hosts, but you
still need to address vulnerabilities in DNS and SSL and consider the
possibility of a compromised host. That's the same security outlook of most
of the Web. The difference is that breaching those systems should be or is
illegal, whereas tracking users in a CMS is not, and the latter is what
WebRTC solves for us.

Looked up that HN thread on OkTurtles to see where the Namecoin
conversation landed. Found an interesting idea at
https://news.ycombinator.com/item?id=6964090

I think it's interesting to look at what existing entities do when faced
> with DNS MITM and takedowns. The various torrent searchers and
> anti-censorship entities just diversified the TLDs they depend upon. So
> when their ".com" or ".net" domain gets taken down or man-in-the-middled,
> they tell their users to shift to .is , .ch, .se or some other TLD with a
> different regulatory framework, thus avoiding a single point of failure.



> If a new mechanism depends on the inconvenience of a browser extension
> anyway, why not automate the process people already use? For example
> "colmmacc.multi" could be intercepted by an extension and translated into 5
> DNS requests against say SHA-2("colmmacc").[com|ch|ly|se|is] and the
> extension could use a simple majority quorum of the answers to defend
> against a tampered response. Of course it means you have to register and
> host your domain 5 times, but that's pretty cheap these days.
>


> Other nice properties: works with all existing DNS security mechanisms
> (including DNSSEC or DNScurve), provides security against registrar or
> registry level tampering or compromises. Hash of the domain makes it hard
> for registries to block domains (they have no idea what the name is until
> it is popular) and also resets the clock on squatters.



On Mon, Dec 30, 2013 at 5:42 AM, Francis Irving <francis@flourish.org>wrote:

> My instinct is that long game, they're right and HTTP is fatally
> flawed.
>
> It is a fundamentally centralizing protocol - the domain in a URL is
> both the name of the resource *and* the place you go to get that
> resource.
>
> Short term is another matter. There are lots of incremental things
> people can and should do now.
>
>
> The dig at WebRTC is uncalled for - yes, right now you have to have
> some other identity system to use it, and that is necessarily
> central. But it's an open standard, pluggable compontent that can be
> used in lots of ways.
>
> If you have some other decentralized identification system, you can
> then use WebRTC on top of it somehow later.
>
> Francis
>
> On Sun, Dec 29, 2013 at 09:46:31PM -0600, Paul Frazee wrote:
> > No kidding about the diagram.
> >
> > Interesting statement on http://youbroketheinternet.org/map
> >
> > Because the web browser is so overladen with surveillance functionality
> > > such as cookies, invisible counters, e-tags and plenty of Javascript
> doing
> > > what the server tells it to. Now comes WebRTC which relies on web
> servers
> > > for authentication and thus enables them to run a man in the middle
> attack,
> > > and AJAX, which took off as the foundation of the web 2.0 and landed
> as a
> > > surveillance tool. Should we want to do web-based user interfaces,
> we'll
> > > have to use a custom browser with disabled HTTP support.
> >
> >
> > I'm not sure they justify dropping HTTP support.  Aren't these issues
> with
> > the access policies in the browser? I'm slow to let go of the legacy and
> > relative simplicity when incremental fixes are still possible.
> >
> > They also knock on X.509 and DNS in that page. There's been some talk
> about
> > namecoin. Anybody follow that closely enough to comment?
> >
> > Regarding WebRTC's MITM vulnerability, I wonder about using
> > http://www.w3.org/TR/WebCryptoAPI/ someday to do client certs, though
> > tcpacek's FUD about client-side crypto is hard to ignore. Any counter
> > thoughts?
> >
> >
> > On Sun, Dec 29, 2013 at 7:49 PM, Francis Irving <francis@flourish.org
> >wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Wow, that's a pretty hardcore diagram!
> > >
> > > Any key projects on it that are missing from this list?
> > > https://github.com/redecentralize/alternative-internet
> > >
> > > Francis
> > >
> > > On Sun, Dec 29, 2013 at 06:08:24PM +0000, Benjamin Heitmann wrote:
> > > > Hello there,
> > > >
> > > > I found this via the 30C3 coverage, its very relevant,
> > > > however I did not see it mentioned here, so I thought I would share
> it:
> > > >
> > > > http://youbroketheinternet.org/
> > > >
> > > > encourages projects to make a new internet stack from low level
> > > infrastructure all the way up to
> > > > end user applications.
> > > >
> > > > I wanted to attached is a picture which assigns various projects to
> > > different levels of the stack,
> > > > but the picture is too big.. ;)
> > > >
> > > > All in all a very interesting umbrella project.
> > > >
> > > > cheers, Benjamin.
> > > >
> > > >
> > > > --
> > > > Benjamin Heitmann, BSc, MSc
> > > > PhD Researcher
> > > > Unit for Information Mining and Retrieval (UIMR)
> > > > Digital Enterprise Research Institute (DERI)
> > > > NUI Galway, Ireland
> > > >
> > > > publications and slides:
> > > > http://www.deri.ie/about/team/member/benjamin_heitmann/
> > > > http://www.slideshare.net/metaman/
> > > > https://www.researchgate.net/profile/Benjamin_Heitmann/
> > > >
> > > > public PGP key available at: http://keys.gnupg.net/
> > > >
> > >
> > >
> > >
> > > - --
> > > Do *you* have an awesome idea you never quite manage to do?
> > > http://www.awesomefoundation.org/en/chapters/liverpool/
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.12 (Darwin)
> > >
> > > iEYEARECAAYFAlLA0ScACgkQhRiKo+HhcsDhRACfRCwVZumd3gxZcffzxGjJQ+B8
> > > 4agAoIRkz1+rNCm1lN5T6s6S9pUc/XUx
> > > =Lppo
> > > -----END PGP SIGNATURE-----
> > >
>
> --
> Do *you* have an awesome idea you never quite manage to do?
> http://www.awesomefoundation.org/en/chapters/liverpool/
>