I’ve popped into noisebridge a few times over the past few years and stopped by for the last weekly meeting and was told to post here as I’m looking for interesting projects that fit into one or more of a few subjects I’m pursuing.
I’d categorize myself as only mid-level at best in these subjects, I’m trying to fill out my skills as I’ve specialized more towards specifically programming/apis and web architecture in my career, but I’m eager to tech up and have time to spare.
Networking (bridges, relays, subnets, openvpn vs socks vs ipsec) - probably not til next space since all the networking is getting torn down imminently but sounds like there will be lots to do in this regard once we’re getting set up again
Linux security (iptables, live distributions vs qubes vs virtualization vs hardware isolation, categorizing threat models) - I’ve heard from a few people about the arcade cabinets, are people still congregating on fridays to poke at it?
Live USB systems (tails, custom debian builds) - Would be really interesting to dig through exactly how tails is set up and why they made the various decisions they did, what alternatives there might be, etc. Interested in general strategies and tools around computing without persisting to the local machine.
SBC networking devices (rasperry pi as a server/gateway, ddwrt, portable devices and mobile modems, minimizing cost) - maybe a get together sometime to trade notes about promising low cost single board computers as it’s rather tedious to do endless searches trying to find the cheapest combination of A, B, and C.
Cryptography (strengths/weaknesses of different approaches, maybe digging into the math behind it, general high level strategies to designing complex encrypted systems, analysis of encrypted systems [eg protonmail’s system where the password is never sent to the server]) - Spoke to kinnard about the cryptoforest stuff which looks great so far
Privacy/Anonymity/Decentralization (technical or non-technical, tor, syncthing, ipfs, dat)
Some projects I hope to take a stab at soon:
single board computers as decentralized nodes at home (maybe at noisebridge too? I’m guessing there’s already a lot of that set up there) both as networking practice and to donate some bandwidth to the services
hackable mobile hotspot that takes in a sim card and broadcasts wifi that gets encrypted through tor and/or vpn(s) before/after the tor connection and has a web interface, perhaps along with nice physical switches (hopefully less than $100 each but not sure if that’s possible… could almost do it with a cheapo burner android…)
“dumbphone” - cheap smartphone that has apps preinstalled on it, all of its radio interfaces (aside from in the visible spectrum) physically severed, along with the data pins of the usb, and is sealed with epoxy to prevent tampering to make a basically hack-proof personal device. Possibility of transferring small amounts of data like text docs via “QR-code video” between phones
I guess post a reply if you’re interested in any of these topics or projects and would like to brainstorm about something to meet/collab about!
I’m Steve. I run Qubes as my laptop OS, I’ve headed about 10 cryptoparties/security self-defense workshops over the past few years, I am now in charge of Noisetor (though I haven’t done much yet), and I’m currently building end-to-end encrypted task management software for activists. Sounds like we should chat!
Might want to skip the GSM modem altogether and just hack one of those cheap prepaid Android phones into oblivion. Assuming you can get root and flash yourself whatever AOSP variant you prefer, you’ve got the GSM modem, a respectable ARM processor, wifi, Bluetooth, camera, GPS, IMU, and mic on a native linux hardware platform for the low, low, Wal-Mart subsidized price of $30. Hard to beat that deal, and it’s always heartwarming to know that a global corporate superpower with more hoarded wealth than most small countries is unwittingly sponsoring the greater good.
I believe Amazon is also offering similar subsidies, in various phone and tablet form factors.
Yeah that’s a possibility though if one isn’t able to root an android phone then there’s very little that can be done with it as far as encrypted tunnels combined with mobile hotspots go because it only allows one vpn at a time so you can’t chain them and the mobile hotspot sort of counts as a vpn already? Or maybe it just isn’t affected by the vpn can’t remember… But yeah if it’s rootable then there’s more options. Downside of a phone is there’s no ethernet port so using it to tunnel a whole network rather than one device would be a little awkward (unless you only use wifi and in a small room), and using it to tunnel your connection from a public wifi would be a bit awkward (unless you were using a laptop and connect via USB (can phones USB-tether to each other? I kind of love that idea actually haha) or if you use Bluetooth I guess) yes I nest parenthesis.
Ideally I’d want 2 ethernet ports, pcie for mobile modem, sim card slot, wifi… If it had all those somehow then it could really cover quite a broad set of scenarios with very little technical knowledge required.
I guess a better approach would be to focus on one scenario that some pi i already have covers and work on the software that controls toggling the vpns and providing a web interface. If I’m lucky maybe openwrt or something like that would be good enough
Nice, yeah I’ve been hearing a lot about people’s open and sudoroom since i started this thread, definitely going to have to make it over there at some point… Too bad I’m almost in Daly city haha not the quickest jaunt but I’ll get over there at some point.
Good to know about ipfs… Maybe I can lurk til I can catch a double feature of events from both in one day lol
Cool! I’ve added it to my notes. Scripts like this will be useful should going the distance with an rpi approach make it to the top of my queue. This would be a fantastic platform to run it on - http://espressobin.net/tech-spec/ especially for home use purposes (a bit bulky for mobile use, but possible!) one port could be upstream, one could be downstream protected by tunnels and the third could be downstream for clearwire.
When I’m able to prioritize I’d like to get some public services (eg tor relay, syncthing relay, etc) running at home hidden behind a vpn so that if i somehow screwed up and someone got access to a machine they would at least have to break through the vpn gateway to get access to my home network.
I actually managed to mostly achieve the mobile router project via a lineage os phone… OpenVPN Connect for vpn connection(s), orbot for tor, vpn-hotspot to feed the wifi/bluetooth/usb hotspot into the android vpn, AFWall+ for iptables (possibly conflicts with vpn-hotspot which seems to also use iptables maybe?) firewall to block any connections from the phone itself, and a lot of fickle daisy chaining between all of the above with setting up proxy destination and listen ports. Definitely not ideal! But cool that it’s possible with zero scripting, just not sure how much I’d trust it to be leak-free but because it’s all going through the same tun interface then you pretty much just need to block udp and ipv6 which very worst case could be done from the client… It also shows it could be done with a more comprehensive app that has vpn tunneling built in and depends on orbot, or has tor built in (though i think tor is best kept as an external dependency to make it easier to stay up to date) but yeah fun stuff. I’ll probably return to it as a project once my rpi tooling has settled a bit more.
Hi @elimisteve I’m John and that all sounds super cool! Interested to hear more about all of it. I’ll ping you sometime tomorrow on keybase to sync up, I’m probably stopping by the weekly noisebridge meeting tomorrow evening as I’ll be in the area grabbing a craigslist router anyways lol do you usually go to that?
I ran across that one too and it was disturbingly similar to what I had in mind haha mildly disappointing that I didn’t think of it first but much more relieving to be able to skip spending the time to write it If I end up pursuing that project I’ll definitely be seeing if that can fit in somehow since it sounds fairly perfect particularly the description of it on another page - Introducing TXQR, data transfer via animated QR codes | Packt Hub
Thanks, I got a BalenaFinv1.1 (rpi CM3L-driven board with a bunch of extra shit attached) just recently to kinda prototype it figuring it should be able to handle whatever’s needed and then I can find a leaner approach if it works and is useful. The part I’m most concerned about is having it use a mobile modem with a sim card (at a reasonable price point), though having scripts like that one mentioned in the first result “RPI-Wireless-Hotspot software script by Harry Allerston” sounds very useful as a reference on the software side, thanks. After I get that ethernet-driven version working then I’ll take a stab at the modem.