@olizilla
Last active January 10, 2016 19:52
Notes from SquatConf 2014. Typed quickly, all concepts may be corrupted, but the gist is there.

Notes From SquatConf 2014

@dhigit9 - UDT: an application layer TCP you can tune.

Replaces TCP; an application layer comms framework.

instantwebp2p - node fork that supports UDT.

  • congestion control - optimal usage of bandwidth
  • flow control - avoid overwhelming the receiver
  • window based - no. of packets in flight
  • rate based - inter-packet wait time

UDP is not part of the browser, so no browserified client-side version is possible. UDP for easier hole punching...

A TCP where you can choose your transport tradeoffs.

@substack - bricking the web

web mostly assumes consistent low-latency network

"build for the person crossing the desert on a solar powered bike with occasional connectivity and it'll certainly work for the person in mountain view on gigabit fibre"

"one weird trick to fix web-crypto" default mechanics concentrate power to service providers over their users. "if you go away, we're fucked" "if you go oracle, we're fucked" "we're fucked"

How to fix?

robust services that work without the network

"if you use a screwdriver you don't want to check if screwdrivers.com is up."

make running an exploitative business a lousy business model.

cache manifesto

Use the manifest file + far future expires + cache headers to make web pages permanent.

an aside

Commodities of a network system

  • disk
  • compute

Facebook has thousands of servers. Facebook users have vastly more service power than Facebook.

"hey facebook, we don't need you, we have all the service infrastructure we need"

the more people join the better it works, see bittorrent.

INFINITE SCALING: offline!

how about... offline-realtime !important

page-bus: the offline websocket like thing via service workers.

hyperboot -

authentication - mozilla persona is winding down. "owning a users identity across the net is extremely valuable..." - techcrunch.

de-centralise: you are the hash of your private key.

"best docs for window.crypto are the IE 11 docs. I shit you not"

keyboot - oauth-like, client side, auth.

forkdb - key value store. For every key there can be 1 or more values.

** git meets key/value **

"if we get rid of this terrible idea that has plagued databases forever that ...there should be one, canonical value for each key ..which is a lie"

"you have multiple versions of the truth. cos who can say what's true and what's false. Not me, and certainly not Jimmy Wales."

"you don't waste time figuring out why you can't push or why your document is in conflict mode or some shit like that. it's push and forget! You push and it's someone else's problem."
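The "git meets key/value" idea above, as an added example (Python, not forkdb's own code; the class, method and sample key names are made up): each value is content-addressed and points at the values it was written on top of, so one key can hold several live heads and "push" never fails.

```python
import hashlib
import json

# Added example, not forkdb's own code: a key/value store in which every value is
# content-addressed and names the value(s) it was written on top of, so a key can
# hold several live "heads" after concurrent writes instead of one canonical value.
class ForkStore:
    def __init__(self):
        self.docs = {}       # hash -> {"key", "value", "prev": [parent hashes]}
        self.children = {}   # hash -> set of hashes written on top of it

    def push(self, key, value, prev=()):
        # "Push and forget": a write is never rejected; if two writers extend the
        # same head independently the key simply forks.
        prev = sorted(prev)
        for p in prev:
            if p not in self.docs or self.docs[p]["key"] != key:
                raise KeyError("%s is not a value of key %r" % (p[:8], key))
        doc = {"key": key, "value": value, "prev": prev}
        h = hashlib.sha256(json.dumps(doc, sort_keys=True).encode()).hexdigest()
        self.docs[h] = doc
        for p in prev:
            self.children.setdefault(p, set()).add(h)
        return h

    def heads(self, key):
        # Live values: docs for this key that nothing has yet been written on top of.
        return sorted(h for h, d in self.docs.items()
                      if d["key"] == key and not self.children.get(h))

    def values(self, key):
        return [self.docs[h]["value"] for h in self.heads(key)]

    def merge(self, key, value):
        # Resolving a fork is just another push whose prev lists every current head.
        return self.push(key, value, self.heads(key))

def demo():
    s = ForkStore()
    a = s.push("profile", {"name": "alice"})
    # Two peers, unaware of each other, write on top of the same head a.
    b = s.push("profile", {"name": "alice", "city": "berlin"}, [a])
    c = s.push("profile", {"name": "alice", "mail": "a@example.org"}, [a])
    forked = len(s.values("profile"))         # both versions of the truth survive
    m = s.merge("profile", {"name": "alice", "city": "berlin", "mail": "a@example.org"})
    return forked, len(s.heads("profile")), s.docs[m]["prev"] == sorted([b, c])
```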

United as one, divide by zero - @cjdelisle

Aside on web crypto: EZCrypt

"It's like a realtime, collaborative... fucking... editor."

cypherpunks.

"During the first crypto war, I was learning QBasic"

"magic - anything that's credible and shuts up physicists"

"you can become completely anonymous on the net*" "*if you don't piss off the FBI."

Anonymity is isolation. We can all fight for our privacy/anonymity, but then no one can help you without giving up their anonymity.

In a closed society where everybody is guilty, the only crime is getting caught. if you've already broken some law (filesharing etc) then you can be arrested at any time for anything.

1st wave - privacy (GPG etc), peer to peer, trust no one / everyone. Fails.

2nd wave - everyone knows everything, no point in going after an individual.

Tech? Federation over pure P2P. bittorrent beats gnutella.

scope creep in security is paranoia

"Dream of the world we want to live in" "free love, robots do all the work, there's food everywhere... but really, how do we deal with resource allocation given the mess we have now."

@hpk - Talk to people

knowing speaker context helps you determine meaning.

"It's not only about coding"

"let's not talk, let's code" something is wrong with this. It's our conversations that effectively change the world. feminism didn't change the news in order to effect the change, it was many private discussions that changed the news.

If you're alone in front of a group of people you don't know it's natural to assume they want to kill you

0 tier 1 - IP over P2P networks (drivers for linux, osx, win)

like a global ethernet, any device can reach any other even behind NAT.

@see: de-centralisation I want to believe

Speaker's house in Freiburg, Black Forest. We're all invited. Say you were at squatconf.

Efficient, Secure, de-centralised - pick two

bitcoin is secure & de-centralised, but isn't efficient

If you did the same volume of transactions with bitcoin as the finance industry does, it's not clear that it's any more efficient. dtarr: bitcoin does 7 transactions per second vs visa does jigillions.

If we go for some centralisation, we should go for a blind idiot god. Transparently operating on our behalf, see not google etc.

theory and thinking about stuff defines the limits of what hacking can achieve.

people want decentralised conversations. youtube / gmail / facebook, all de-central in terms of the conversations. we can all publish and view, it's just the wiring, the platform, that is centralised.

so we really want multiple federated ownership at the platform level.

most artists want to get bought up by an agency / major gallery. most startups want to get bought by a google / facebook.

centralised services won, by presenting a giant cash machine. Promise monetisation in the future to invest in more tech & design now. Get a million users, worry about paying the bills later. Get everyone in first. it'll pay for itself in the future through ads, by virtue of having all the users.

Gene Youngblood: life isn't measured by the number of breaths we take, but the number of moments that take our breath away.

"Imagine the utopian scene where people flood out of their homes en masse, filling town plazas around the world, in protest... demanding a free and open internet. What would need to happen in order to get us there?"

we can't get to the problem because we can't get to each other. Communicate with as many people as possible.

idios - private person

70% of the networks in turkey during the protests were opened up. The govt shut down the mobile network, so people unlocked their wifi. The locked ones were because people couldn't figure out how to unlock them, so they wrote the credentials up on their wall.

internet, the great tool for communication and creation at scale is the unprecedented tool for social control.

talking about it is how you change things. talk to your neighbours. you have a finite amount of attention in your life, do you want to spend it on the financial times that has no vested interest in changing anything fundamental...

@programmarchy - Bluetooth Low Energy

  • low powered, 10x slower than regular (0.2 Mbit/s), 0.01W power consumption
  • low cost, flexible dev.

BLE has in-band key exchange, hand-rolled by the bluetooth spec team, and it's broken. you have to do your own application layer crypto over the broken crypto, but the devices are typically low powered, so it's slow.

  • service - collection of data, function of a peripheral (collection of characteristics)

  • characteristic - a single aspect of the system, and how it can be used.

  • all defined by UUIDs, there is a somewhat useless bunch of 16-bit spec defined ones, and 128-bit userland defined ones.

  • peripherals broadcast advertising packets, servers scan for them.

  • Beacons are just specially formatted advertising packets, that are set to emit faster than usual, with proximity based / sig strength location

  • iBeacons are Apple's version.

characteristic properties can be:

  • read
  • write (hard limits due to typical low power devices)
  • notify

@see noble / bleno on npm, BLE for node.
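Advertising packets, beacons and the 16-bit vs 128-bit UUID split, as an added example (Python; not from the talk, noble or bleno): it parses the AD structures of an advertising payload, expands 16-bit service UUIDs onto the Bluetooth base UUID, and recognises an iBeacon-style manufacturer structure. The sample packet and its proximity UUID are constructed.

```python
import struct
import uuid
# Added example, not from the talk or from noble/bleno: parse the AD structures
# of a BLE advertising packet, expand the spec's 16-bit service UUIDs, and pick
# out an iBeacon-style beacon, which is just a manufacturer-specific structure.
AD_FLAGS, AD_UUID16_COMPLETE, AD_MANUFACTURER = 0x01, 0x03, 0xFF
BLUETOOTH_BASE_UUID = uuid.UUID("00000000-0000-1000-8000-00805F9B34FB")

def expand_uuid16(short):
    # 16-bit spec UUIDs are shorthand for 128-bit ones on the Bluetooth base UUID.
    return uuid.UUID(int=BLUETOOTH_BASE_UUID.int | (short << 96))

def parse_ad_structures(payload):
    # Layout per structure: [length][AD type][length-1 data bytes]. Stops at a zero
    # length (padding) and rejects a length that runs past the end of the packet.
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        if i + 1 + length > len(payload):
            raise ValueError("AD structure at offset %d overruns packet" % i)
        out.append((payload[i + 1], bytes(payload[i + 2:i + 1 + length])))
        i += 1 + length
    return out

def service_uuids(payload):
    # Complete list of 16-bit service UUIDs, little-endian on the wire.
    found = []
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_UUID16_COMPLETE:
            found += [expand_uuid16(u) for (u,) in struct.iter_unpack("<H", data)]
    return found

def parse_ibeacon(payload):
    # Apple company id 0x004C (LE), subtype 0x02, length 0x15, 16-byte proximity
    # UUID, big-endian major and minor, signed calibrated TX power at 1 m.
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_MANUFACTURER and len(data) == 25 and data[:4] == b"\x4c\x00\x02\x15":
            major, minor, tx_power = struct.unpack(">HHb", data[20:25])
            return {"uuid": str(uuid.UUID(bytes=data[4:20])), "major": major,
                    "minor": minor, "tx_power": tx_power}
    return None

# Constructed sample packet: flags, the Battery Service (0x180F) and an iBeacon
# structure with a made-up proximity UUID, major 1, minor 2, TX power -59 dBm.
SAMPLE = (bytes([0x02, AD_FLAGS, 0x06]) + bytes([0x03, AD_UUID16_COMPLETE, 0x0F, 0x18])
          + bytes([0x1A, AD_MANUFACTURER, 0x4C, 0x00, 0x02, 0x15]) + bytes(range(16))
          + b"\x00\x01\x00\x02\xc5")
```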

Using BLE to sign bitcoin transaction

  • microcontroller signs the thing, passes back the signed thing... BT classic may be better due to speed of BLE processing.

  • nordic semiconductor NRF51 - recommended!

  • Intel Edison

  • DIY - RFduino.

Incredible Edible / Aqua Garden.

aquaponics control. layer zero labs l0l.org.uk / incredibleaquagarden.co.uk

Tech: Pi, Arduino Mega, wired temp, water & current sensors, wireless light sensors

So many shields...

each sensor has an Arduino-like object, using RFM12B to talk. MQTT messages sent to a master Pi. Node RED allows visual coding of the sensors.

kinds of issues: installation required more cabling than in the lab. Many sensors stopped working. Pi crashes every few weeks. Industrial grade power supply fixed some issues.

battery powered wireless sensors, typical 2 year battery life due to good sleep scheduling. 3g basestation triggers text alerts all logging data to cassandra... until Anton fixed it!

freeboard.io for fancy dashboard of sensor data. swagger for api docs.

open source all construction details. Prefer similar open source providers for components and services.

amazing poem follows.

W3C - web crypto api - Harry Halpin

we need an api to do user centric crypto in the browser

People were rolling their own crypto in the browser, which is kinda dangerous.

we know there's good crypto somewhere in your OS or browser, we just wanna expose it

singularity? I can't wait for a super ai to emerge and fix all the browsers

IETF certificate transparency is a good idea.

If you don't trust the network to deliver a password and you don't trust the server to keep user secrets, you can't trust them to deliver security code...

crypto.cat

on web crypto api

we can't tell them to use the appropriate amount of entropy, but we can make them use the right JSON objects

"we allow people to do all sorts of things... perhaps too much" to any cipher modes

Working on getting non-NIST ciphers into the spec.

what are NUMS curves? ECC curves, Curve25519. FIDO alliance - large companies want to kill the password. everyone ends up rolling their own 2-factor auth, so we'll probably standardise something around that.

Credentials API: standards based oauth-like thing. Ryan Sleevi (google) did most of the work.

The first rule of crypto is don't roll your own.

web designed without crypto in mind. it's for scientists to share docs. HELP US! review the spec.

we're like the katechon, the binding force that prevents the coming of the apocalypse.

without the w3c you probably wouldn't have the open web.

even though it's old fashioned, it does the job of preventing the total takeover of the space.

there's probably forces out there that'd like to subvert the crypto api, so we're calling for open review. Read the code!

economic slow down and eco crisis leads to social control.

we can do integrity and auth without states

if we're gonna bet our future on this de-centralised, secure web, we should all audit it.

due to historic access we have bodies that are full of mostly old people, they want more energy and bodies involved. if you can put a good concept out and get motion behind it.

LEAP platform

activists are using rise-up mail store. Racks have actually been taken by state agencies.

so, we need to stop using 1 big service for all activist projects.

crypto should be simple to provide and easy to use. Running your own email server is a fucking nightmare. we don't have any excuse for having unencrypted communications. we take it for granted that we are not being aggressed.

gpg-for-win-for-journalists : WTF

we have to decentralise everything. maybe we don't have the solution to the facebook problem, but maybe we solve the email problem.

we live in an ivory tower. "everyone has an android... it's a lie". We're not solving the hard/core/boring problems (email / crypto), just the novel ones.

we cannot keep living in the superadmin metaphor... we're not solving that one.

using puppet for deployment. easily deployable VPNs and simple encrypted email. see soledad

nickname - hide complexity of keyserver.

bitmask - encryption for mortals (VPN)

decoupled so you can create your own client. (current one is Qt), we'd like a nice html frontend.

dominic tarr - Viva La Crypto

"Let's overthrow capitalism" "Everyone quit your jobs and stop paying rent. Simultaneously."

mass communication and agreement is the hard part.

bittorrent <-----------> bitcoin

bittorrent - flat hash table - brilliant/novel.

bitcoin - giant linked list - terrible/hideously inefficient (7 ops per sec) (IS NOT WEBSCALE)

game theory - prisoner's dilemma (2 captured, charged with a crime. your friend confessed. you stay loyal, you both get off with mild trouble. if you coordinate you get the best global outcome. if you rat your friend out you get the best personal outcome. if you rat each other out you get the worst personal and global outcome)

both systems are stuck at the worst (zero trust) scenarios. How do you get the other computers not to lie to me? How do you get distributors to trust each other?

"a bad plan is better than no plan" From a user perspective goog / face are already socially decentralised. Let's map the software on to that. dominctarr/securescuttlebutt.

scuttlebutt: a nautical term for gossip, the cask that today's water ration comes in. a paper by amazon about gossip protocols. i wanted to build something else but this is the dumbest thing that i could build.

to get something successful, metaphor alert: tor is privacy vegans, less tech is for privacy vegans. we need to get everyone who eats at mcdonalds to be vegetarians. you can't win on ideological reasons, you have to win on convenience / fun / novelty to get mass users.

email is fundamentally unsolicited messaging. twitter is solicited spam. email spam tricks are not a problem on twitter as you don't follow people you don't trust.

aside: a squandered opportunity. you used to be able to write your own client. open then closed. like robber barons: they get free land along the side of the railways, sell it to out-of-towners (cheap rail access / a new life), then at critical pop density, jack up the rail prices.

we need a service.

the buzz of bitcoin is a lot about blockchain programming. Building on top of infrastructure. but adapting it to other applications needs a new computer science proof. Far simpler is to use a reputation system. These are the people i trust, these are the people my friends trust. this is like how humans work (bankers, military, all the things.)

can we scale the trust system?

trust is more efficient / scuttlebutt is a scalable trust network. data model is basically twitter. You have a feed, your friends have a feed.
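The feed-per-author model and the gossip exchange sketched in this talk, as an added example (Python; not secure-scuttlebutt's own code, and the peer names and messages are constructed). It assumes each message carries its sequence number and the hash of the previous message; real SSB also signs every message with the author's Ed25519 key, which is left out here, so the demo shows what the hash chain alone does and does not catch.

```python
import hashlib
import json
# Added example, not secure-scuttlebutt's own code: one append-only feed per
# author, each message naming its sequence and the hash of the previous one, and
# a gossip round in which two peers swap only what the other side is missing.

def msg_hash(msg):
    return hashlib.sha256(json.dumps(msg, sort_keys=True).encode()).hexdigest()

class Peer:
    def __init__(self, name):
        self.name, self.feeds = name, {}   # feeds: author -> messages in order
    def publish(self, content):
        feed = self.feeds.setdefault(self.name, [])
        feed.append({"author": self.name, "sequence": len(feed) + 1,
                     "previous": msg_hash(feed[-1]) if feed else None,
                     "content": content})
    def append(self, msg):
        # Chain check: sequence must follow ours and previous must hash our last.
        feed = self.feeds.setdefault(msg["author"], [])
        if msg["sequence"] != len(feed) + 1 or msg["previous"] != (msg_hash(feed[-1]) if feed else None):
            raise ValueError("%s: broken chain in feed %s" % (self.name, msg["author"]))
        feed.append(msg)

def gossip(a, b):
    # One round: each side learns how far the other has got and sends the rest.
    moved = 0
    for src, dst in ((a, b), (b, a)):
        have = {author: len(feed) for author, feed in dst.feeds.items()}
        for author, feed in src.feeds.items():
            for msg in feed[have.get(author, 0):]:
                dst.append(msg)
                moved += 1
    return moved

def demo():
    alice, bob, carol, dave = (Peer(n) for n in ("alice", "bob", "carol", "dave"))
    for who, text in ((alice, "hello"), (alice, "again"), (bob, "hi alice")):
        who.publish(text)
    n1 = gossip(alice, bob)     # alice's 2 messages + bob's 1 cross
    n2 = gossip(bob, carol)     # carol gets both feeds second-hand via bob
    held = {author: len(feed) for author, feed in carol.feeds.items()}
    # Altering message 1 slips past (unsigned), but message 2 then fails the chain.
    forged = [dict(carol.feeds["alice"][0], content="forged")] + carol.feeds["alice"][1:]
    try:
        for m in forged:
            dave.append(m)
    except ValueError:
        return n1, n2, held, True
    return n1, n2, held, False
```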
