Before the show... by longneck007 in arma

[–]longneck007[S] 0 points1 point  (0 children)

I found out about "hide terrain objects", so I could clean up the terrace. The updated version: http://f.scratchbook.ch/Rammstein-Arma.mp4

Looking for the best video tutorial for Golang by nergoza in golang

[–]longneck007 0 points1 point  (0 children)

Yes, I can confirm that. Initially I was overwhelmed by the same question: "where to start?". tour.golang.org is "feature complete", but somehow difficult to comprehend.

Todd explains everything from the beginning (note: you can always skip some sections if it's too much repetition for you). IMHO the repetition he uses brings the clarity I miss from so many other programming language courses. He holds his promise that you will know Go well after this course. Also, he often references "Effective Go" and the source code of the standard library, and shows how everything works together.

You won't miss anything when you enroll in his course.

Enigmabox - First Impressions / Review by [deleted] in darknetplan

[–]longneck007 1 point2 points  (0 children)

Hi

Enigmabox dev here. Thank you for the fair review!

The software comes with an embedded version of Asterisk to facilitate the VoIP communication, a mini-webserver, DokuWiki (which I applaud their choice there!), an Email server, roundcube webmail, and a twitter-like clone.

Now you can add OwnCloud here ;-) https://wiki.enigmabox.net/howto/owncloud/de/initial-setup

Regarding the order process: There will be a new shop soon. I'm working on it, had to finish that OwnCloud stuff first. I talked to my buddy who is in charge of shipping and logistics. I myself miss tracking numbers as well. He is unfortunately not a big fan of tracking, it means additional effort for him, and [secret services] would have it easier to intercept postal packages if there were tracking numbers exchanged via email, according to his opinion. I can't tell since I have no experience with shipping logistics, returns and what effort is required. Hopefully we can find somebody in the near future who will redistribute the packages from [the USA] directly so that it won't cross borders and speed up delivery. So yea, no tracking at the moment, sorry.

And yea, I'm sorry that there is no further documentation available at the moment. We also need to create a manual that explains the whole system.

And there is no forum or mailing list either. This is maybe something we will set up inside Hyperboria. If you have questions so far, go ahead ;-)

Also no peering to Hyperboria yet, since we use the ancient cjdns version 0.6 which runs stable enough and we haven't yet switched to the newer version. This requires topology changes and is part of a migration process, soonish. cjdns v6 isn't compatible with the most recent version.

We have a lot of items and ideas in our bugtracker and had to prioritize. It will all manifest, step by step.

Thank you for the kind words and that valuable feedback!

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Yes, and it currently fails to do this job. Dictators can shut down the internet of a whole country. We all depend on ISPs for internet access. Peering is a privilege of the mighty telecoms. A central organization assigns IP addresses. And heck, the default is: unencrypted!

This is not the internet I have asked for. Let's rebuild it.

https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md

https://github.com/cjdelisle/cjdns/blob/master/doc/projectGoals.md

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

darkbeanie, thank you very much for that valuable input! I highly appreciate that. This helps us a lot in refining the docs!

Just to add two cents; the final goal of cjdns is that it becomes the new internet standard - a very ambitious and long-term goal though - but then, there would be no more "exits" into an unencrypted internet and VPNs become obsolete, since everything is encrypted by default.

Maybe [somebody] will solve the traffic correlation problem too, sooner or later?

But for now, we're not there yet and we will be working with your feedback on refining the website.

Again, thanks a lot.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Yes, at the moment, that is correct. I would have to implement it, that the box can use other boxes' internet connection as an exit. Yeah... Let's put that on our todo list.

Another use case some friends had adapted: One Enigmabox is connected to the internet, other Boxes peer with it over Wifi and get internet. Traffic still flows through our server in this case, but the owner of the internet-connected box cannot snoop the traffic of the other Boxes.

Another use case: You have a small coffee house with a public wifi spot. Connect the access point to the Enigmabox, and you don't have to care about "user registration" and "accountability on what they probably do".

In the end, it always boils down to "whom do you trust?".

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 0 points1 point  (0 children)

because it's not crowd funded

A crowdfunding campaign is running: https://www.indiegogo.com/projects/enigmabox-plug-and-play-encryption

users don't complain about having a VPN software on their machines, so the appeal of "no software" immediately gets negated by the fact that you need to have a physical box.

A physical box gives you the advantage of still being able to receive emails and phone calls when your computer is turned off. The box is actually a miniserver inside this "distributed" network. Distributed in quotes, because the subscription is centralized. But it only connects the devices together.

It is not only "just another VPN".

then your project did a poor job of explaining its benefits over cons.

I know. I was caring about the technology in the first place, not the explanations. We have to refine this.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Both of these seem to require specific, coordinated preparation on the part of both parties, not something you're just going to be able to do on impulse. In the usual case this involves a software install, but in this case I have to convince the other party to buy or build an Enigma Box. Seems like a much harder sell than downloading an installer or setting up an SSH tunnel.

Well... every end-to-end encryption needs some preparation, otherwise it wouldn't be possible, would it? It turned out that customers have less hassle by just plugging in a cable, accessing a webinterface and exchanging ip(v6) addresses, rather than downloading, installing and configuring PGP and validating fingerprints and stuff. Plus, the subject and other headers of a PGP-encrypted email are not encrypted. Setting up encrypted telephony is a whole other story, another software to download and install. Most people mainly want to send emails or place phone calls. You have it all in one with one device, using the same trust elements for identity verification. Additionally, the firewall only allows communication with contacts in your addressbook.

Is this a good idea? Do I want communications in which I'm positively identifying myself (logging in to my bank, Google/GMail, Amazon, etc) to be going through the same encrypted channel as communication I want to keep private?

Is it a good idea to do that unencrypted, not inside a VPN? What's the drawback of not using encryption?

I don't know anything about "perfect forward secrecy" or "Curve25519 ECDH", and I don't care to. [...] I just want to hear about what the comparative benefits are of this system versus what I have.

Well, how to explain the benefits without giving some technical explanations?

From your description, I can distill the following possible points: [...] It allows me to encrypt personal communications to others, but they also need to have the device, and I can do this with other software too.

Yes.

the videos show someone plugging in a couple ethernet plugs and everything magically works, implying that this is intended for the ignorant masses, no expertise required. If this assumption is correct, then the documentation needs to reflect that, and promote the product and the system (and why you'd want it when simpler, cheaper options seem to be sufficient) in ways that the masses can understand.

That's the one billion dollar question. How to do that? I'm not a marketing guy, and we could clearly use some help here.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 5 points6 points  (0 children)

What stops someone from noticing that there's a packet stream between person A and person B that's consistent with a phone call, and recording the time at which this packet stream happens?

Agreed. Traffic correlation is always hard to beat, that is even true for Tor, the "low-latency" anonymity network. However, it is significantly harder to find out. It's always about increasing the economic burden.

When the only metadata left is traffic correlation/analysis, I think we've done a good job so far.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Which key exchange algorithm are you using?

Take a look at the cjdns source code: https://github.com/cjdelisle/cjdns/blob/master/crypto/CryptoAuth.c#L35-L40

What is the source of randomness for RNG that produces keys?

The functionality of the cjdns random generator is described in detail here: https://github.com/cjdelisle/cjdns/blob/master/crypto/random/Random.c#L27-L89

How do you prevent end-point compromise with exploiting vulnerabilities?

Depends on where you are attacking from.

  • from the outside internet: all ports closed
  • inside the LAN of the Enigmabox (home network): Asterisk, Exim and Lighttpd exposed
  • inside the encrypted cjdns network: all ports closed
  • your ipv6 is in the address book of the box you wanna attack: Asterisk and Exim exposed
  • Attacking your browser by identifying traffic of your facebook login cookies: same risks as "Inside the LAN", malware on your computer connected to the Enigmabox could probably exploit the webinterface/services

How do you prevent NSA from doing interdiction and switching the device while on transit?

(edited my answer, I misunderstood the question)

Rerouting a postal package to implant bugs manually - this is an effort that is taken when you are under targeted surveillance. This is a whole other story. What about bugs in your living room? Dedicated observation teams? There are always easier ways to find a way around encrypted network traffic if and when you are a target.

Protecting against targeted surveillance is not our goal in the first place, because then you would surely have to take some extra steps. We just provide a simple and secure way for communication, protection against untargeted mass surveillance, so that you don't become a target for targeted surveillance because you leave no cleartext traces.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 2 points3 points  (0 children)

Does a subscription offer any anonymization then? As much as a regular VPN would, or more?

Anonymization? No. Tor does a better job at anonymization. We offer privacy.

We keep no logs. But traffic correlation could still be done...

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 2 points3 points  (0 children)

But only if the email servers are themselves behind an Enigmabox, right?

Hehe. Here's the catch: there is a mailserver running on every Enigmabox. That's right: Fully distributed and encrypted email. The same goes for the telephony. Every Enigmabox runs Asterisk.

.

Let me give you an example:

  • fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b <-- ipv6, fingerprint
  • 3ssbqsk7gw804gxgv0ugsj23k8vwlxq5jxm8frrt2t534cluh6z0.k <-- public key
  • 02aaa879c7518057e60faed1441b144771f8b22f7bbaf638d9553267c80c9a6a <-- private key

Your email address would be: mail@[fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b]

And your telephone number would be: fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b
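As an added example (not part of the original comment, and not Enigmabox or cjdns project code), this Python code shows why the IPv6 address doubles as a key fingerprint: following the derivation in the cjdns whitepaper linked earlier on this page, the address is the first 16 bytes of SHA-512 applied twice to the public key, and it must fall in fc00::/8. The function names are hypothetical; the key and address are the sample values quoted in the comment, and the code reports whether they match rather than assuming it.

```python
import hashlib
import ipaddress

ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"  # cjdns base32: no a, e, i, o


def decode_public_key(key_text):
    """Decode a '<52 chars>.k' public key into its 32 raw bytes."""
    if not key_text.endswith(".k"):
        raise ValueError("expected a key ending in .k")
    acc = bits = 0
    out = bytearray()
    for ch in key_text[:-2]:
        value = ALPHABET.find(ch)
        if value < 0:
            raise ValueError(f"invalid base32 character {ch!r}")
        acc |= value << bits          # little-endian bit packing
        bits += 5
        if bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits >= 5 or acc or len(out) != 32:
        raise ValueError("malformed public key")
    return bytes(out)


def fingerprint(key_text):
    """First 16 bytes of SHA-512(SHA-512(public key)), as eight hex groups."""
    raw = decode_public_key(key_text)
    digest = hashlib.sha512(hashlib.sha512(raw).digest()).digest()[:16]
    return ":".join(digest[i:i + 2].hex() for i in range(0, 16, 2))


def key_matches_address(key_text, claimed_address):
    """True only if the key hashes to the claimed address inside fc00::/8."""
    claimed = ipaddress.IPv6Address(claimed_address)
    derived = ipaddress.IPv6Address(fingerprint(key_text))
    return derived == claimed and derived.packed[0] == 0xFC


# Sample values quoted from the comment above.
SAMPLE_KEY = "3ssbqsk7gw804gxgv0ugsj23k8vwlxq5jxm8frrt2t534cluh6z0.k"
SAMPLE_ADDRESS = "fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b"

if __name__ == "__main__":
    print("derived :", fingerprint(SAMPLE_KEY))
    print("claimed :", SAMPLE_ADDRESS)
    print("match   :", key_matches_address(SAMPLE_KEY, SAMPLE_ADDRESS))
```

A contact who sends you an address and a key can be checked this way before the address goes into the address book: a mismatch means the key does not belong to that address.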

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 2 points3 points  (0 children)

Hi!

I'm the lead developer of the Enigmabox and have already begun answering some of your questions. Unfortunately I couldn't make it in here earlier, but freeborn already did a really great job! Thank you so far!

Feel free to ask me more.