[NZLUG] Privacy server

Rob Connolly rob at webworxshop.com
Fri Jun 21 09:16:07 NZST 2013


On Thu, Jun 20, 2013 at 10:36:55PM +1200, Robin Paulson wrote:
> On Thu, Jun 20, 2013 at 08:10:25PM +1200, Martin D Kealey wrote:
> > Take this to its logical conclusion: a large federation of small servers
> > which *are* on residential ADSL; everything replicated everywhere;
> > basically, email-over-peer-to-peer-swarm.
> 
> marvellous, i love the sound of it
> 
> > Every outbound message would be handed off a number of times within the
> > swarm before transmission to the target MX; every inbound message would be
> > replicated across a number of nodes before being "acknowledged", and then
> > replicated further until eventually the recipient's machine is included in
> > the replication. The recipient can send signed expungement notices to the
> > other nodes.
> 
> would this mean email could be "received" even if the target server/mailbox was
> offline?
> 
> > The "public" point is then the signed authoritative DNS; everyone in the
> > group has rights to update the zone, so they can add themselves, and remove
> > anyone else who's fallen off the net. Everyone also knows the UDAI keys so
> > that the authoritative DNS servers can be changed multiple times per day
> > (every 4 hours for a .nz zone). Everyone knows that the DNS has been
> > hijacked because they can no longer use their keys to log into the current
> > DNS server to change its records.
> > 
> > (This idea is a work-in-progress; the basic idea is to minimize the
> > centralization while maintaining security.)
> 
> absolutely, decentralisation is always the way. as well as 
> duplicating/building in redundancy, this removes the problem of how admin is
> done: no problems of having to choose one admin to look after one piece of
> hardware. and no problems of making decisions which everyone must adhere to
> 
> i'd go one step further though, and suggest some form of distributed, encrypted 
> data store as well, so my data is also stored on a number of other servers, but 
> so only i can see it.

Have a look at git-annex [0] for this. It was originally designed to
solve the problems with git when storing large binary files, but has
developed into a multipurpose tool for managing distributed storage and
syncing.

As well as your local copy (which is a git repository+git annex's data
storage pool) you can use 'special' remotes which can be encrypted. Data
can be distributed throughout all configured remotes and the system can
automatically maintain redundancy (so there will always be multiple
copies of a file). Data transfer generally goes over SSH.

There is also an automatic mode (called the 'assistant') which aims to
be a Dropbox alternative. It provides a web interface for setup and
configuration, although you can still use the command line tools for
more advanced stuff. The assistant can do pairing over XMPP for syncing
between multiple devices or sharing between friends. End-to-end encryption
is due to be added to the XMPP transfers soon.

I'm also wondering if the Raspberry Pi might be suitable for the
hardware end of this. They have the advantage of being cheap and easy to
get hold of, but the hardware is pretty underpowered. Perhaps each node
would need to be made up of several Pis.

Cheers,

Rob

[0] http://git-annex.branchable.com
