Hi all.

Just a quick request to solicit for any feedback you may wish to share
about fsxNet.

If you have any thoughts on how things are going at present, stuff you would like to see more/less of, ideas for echos/file areas etc to add/remove etc. Stuff that could be done differently or things reinstated etc.

You get the idea. Any feedback good, bad or otherwise appreciated.

Can you ** please ** post any replies here in FSX_NET and not elsehwere. I
just want to keep all the fsxNet stuff in the echo set up for discussions
about it.

[snip]

FSX_NET - Discussions about fsxNet. Chat about current network operations, plans for the future and how to best implement them.

[snip]

Thanks in advance.

Best, Paul.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote to All <=-

Just a quick request to solicit for any feedback you may wish to
share about fsxNet.

If you have any thoughts on how things are going at present,
stuff you would like to see more/less of, ideas for echos/file
areas etc to add/remove etc. Stuff that could be done differently
or things reinstated etc.

I think things are going well at present. It seems that the "no
politics" ideas have finally sunk in and that is better than it was in
the past.

The network continues to grow and that must be a Good Thing.

The one comment I might make is in regards to echo areas... We have a
"BBS Support/Dev" echo. Do we *really* need additional seperate echos
for Mystic, Magicka, Enigma? They get perhaps one post per day.
Couldn't all of them be supported in the one echo? Along those same
lines, would there be any interest in a new echo generally aimed at
"hobbies"? Something like Hobbies/Projects Discussion ?

No big issues in any case, thanks to you and the others who run it and
keep things going smoothly!



... Backup? I've never had troub**&{[} 3$$ERROR
=== MultiMail/Linux v0.52
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Avon wrote (2021-05-04):

You get the idea. Any feedback good, bad or otherwise appreciated.

1) Long names for the echomail areas:

FSX.BULLYING_BOARD_SYSTEMS - everything BBS
FSX.CRYONICS - how to survive death
FSX.DATHEADS - Digital Audio Tapes
FSX.ENGLISH - for native speakers only. No Denglisch plies! FSX.GENETIC_ENHANCEMENT - DIY biohacker stuff
FSX.HAMBURGERS - and beyond
FSX.MAGAZINE - your weekly FSXNet magazine
FSX.MYSELF - new to the network? introduce yourself
FSX.NET - meta
FSX.ROBOTS - small and big
FSX.STASIS - how to survive the apocalypse
FSX.TESTTOSSTERONE - testing testing one two three


2) Better message threading (in FSX_GENERAL).

No idea how to achieve this.


3) Binkp session encryption for all hubs


4) Better privacy

---
* Origin: . (21:3/102)

Twas Wednesday, May 5th when Avon said...

If you have any thoughts on how things are going at present, stuff you would like to see more/less of, ideas for echos/file areas etc to add/remove etc. Stuff that could be done differently or things reinstated etc.

I'd love to see SSH officially supported (or maybe it is and I've missed it), and maybe even required for particular echos -- something to think about.

Other than that, if it aint broke don't fix it (and I don't think it's broke)


--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Avon wrote to All <=-

If you have any thoughts on how things are going at present, stuff you would like to see more/less of, ideas for echos/file areas etc to add/remove etc. Stuff that could be done differently or things
reinstated etc.

You get the idea. Any feedback good, bad or otherwise appreciated.

Well, I don't have anything very constructive but still enjoy reading the
echos here. :)


... Gone crazy, be back later, please leave message.
--- MultiMail
* Origin: Possum Lodge South * possumso.fsxnet.nz:7636/SSH:2122 (21:4/134)

On 04 May 2021, 08:12p, Avon said the following...

If you have any thoughts on how things are going at present, stuff you would like to see more/less of, ideas for echos/file areas etc to add/remove etc. Stuff that could be done differently or things
reinstated etc.

I think we all need:

more beer
more hours in the day
higher pay

Oh, wait... Wrong list...

fsxNet. Here we go. This is what we need:

more beer ;)


---

Black Panther(RCS)
aka Dan Richter
Castle Rock BBS
telnet://bbs.castlerockbbs.com
http://www.castlerockbbs.com
http://github.com/DRPanther
The sparrows are flying again...

--- Mystic BBS v1.12 A47 2021/04/20 (Linux/64)
* Origin: Castle Rock BBS - bbs.castlerockbbs.com - (21:1/186)

Am 04.05.21 schrieb Oli@21:3/102 in FSX_NET:

Hallo Oli,

FSX.HAMBURGERS - and beyond

But do we have so many users from Hamburg here? ;-)

2) Better message threading (in FSX_GENERAL).
No idea how to achieve this.

This is the job of the message editor used by the users.
But yes, this is a problem that cuts some threads into smaller sub-threads with no connection between the messages.

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

acn wrote (2021-05-05):

2) Better message threading (in FSX_GENERAL).
No idea how to achieve this.

This is the job of the message editor used by the users.

That's the problem, there is no easy way to fix it. Or is there?

But yes, this is a problem that cuts some threads into smaller sub-threads with no connection between the messages.

For me this is the biggest usability problem in fsxNet. It works fine in othernets (like Fidonet), so it's not an FTN problem in general.

---
* Origin: . (21:3/102)

Am 04.05.21 schrieb Avon@21:1/101 in FSX_NET:

Hallo Avon,

Just a quick request to solicit for any feedback you may wish to share
about fsxNet.

I'm here since ~December 2020 and I found a very nice network that
welcomes new people with open arms.
And although it shares the technology with FidoNet, it isn't as narrow-
minded and strict to the "rules".
fsxNet really stands to the "fun, simple, experimental" - and I like it a lot!
Also, it's great that it's one of the more active networks :)

If you have any thoughts on how things are going at present, stuff you
would like to see more/less of, ideas for echos/file areas etc to
add/remove etc. Stuff that could be done differently or things reinstated etc.

The only thing I'm thinking about:
- Consolidate the several BBS software support echos into FSX_BBS
- maybe create a RetroComputing echo? :)

And for the InterBBS games, a documentation for Synchronet would be nice
:) (or did I just not see it?)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Am 05.05.21 schrieb Oli@21:3/102 in FSX_NET:

Hallo Oli,

This is the job of the message editor used by the users.

That's the problem, there is no easy way to fix it. Or is there?

I don't know, as I did not look that deep into this subject.
Someone could look at a significant number of messages with broken "reply
to" kludges and tell which message readers break them to address the
problem.

For me this is the biggest usability problem in fsxNet. It works fine in othernets (like Fidonet), so it's not an FTN problem in general.

That's right. I mostly see this problem, besides here, in messages areas
with messages gated from Usenet.

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: fsxNet Feedback
By: Avon to All on Tue May 04 2021 08:12 pm

Just a quick request to solicit for any feedback you may wish to share about fsxNet.

As far as I know fsxNet is a great net, and has been since I first joined.

We could use more areas, just what areas I am not sure. I wouldn't want to see a long list of areas that are not used but a healthy list of areas where people can talk about... things. :)

I have been thinking of starting a new FDN for gaming related files. I am something of a gamer. I like games like Doom, Quake, Unreal, Duke3D and others.

If that fits fsxNet and the users are interested in that we could do that.

Ttyl :-),
Al

... AAcckk!! II''mm iinn hhaallff dduupplleexx
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

On 05 May 2021 at 02:58a, Al pondered and said...

We could use more areas, just what areas I am not sure. I wouldn't want
to see a long list of areas that are not used but a healthy list of
areas where people can talk about... things. :)

I have been thinking of starting a new FDN for gaming related files. I am something of a gamer. I like games like Doom, Quake, Unreal, Duke3D and others.

If that fits fsxNet and the users are interested in that we could do
that.

I'm trying very hard not to reply very much at the moment so folks can just
say what they think without me adding to threads... but the idea of a game
echo and some file bases appeals.. I was think also for other echos perhaps something that covers Marvel/DC comics/movies etc... and something about
Space stuff so SpaceX,Nasa etc... anyway I'll be quiet again.

Thanks to everyone so far who's posting thoughts here. Appreciated. :)

Best, Paul

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

acn wrote (2021-05-05):

The only thing I'm thinking about:
- Consolidate the several BBS software support echos into FSX_BBS

Why? What is the disadvantage of low-traffic echos? It's not that echomail areas are a limited resource.

At least keep FSX_MYS seperate or 90% of the messages in FSX_BBS would be about Mystic.

- maybe create a RetroComputing echo? :)

+1

---
* Origin: . (21:3/102)

Why? What is the disadvantage of low-traffic echos? It's not that
echomail areas are a limited resource.

I am open to either way, personally I like having the separate echo for
magicka / talisman because it's easier to find messages I need to reply
to. If I see there's new messages in talisman echo they get my attention
first.

It also allows others to filter out what might otherwise be noise to
them, I'm sure there are plenty of mystic users who couldn't care less
about talisman posts, and vice versa. It's not a bad thing, just not
everyone wants to spend their time on everything.

Though if it were to get lumped back together, I'd still answer messages,
just might be a bit easier for me to miss things.

At least keep FSX_MYS seperate or 90% of the messages in FSX_BBS would
be about Mystic.

Yep. That's how it was before FSX_MYS was branched off.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!|07


--- Talisman v0.20-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

I have been thinking of starting a new FDN for gaming related files. I
am something of a gamer. I like games like Doom, Quake, Unreal, Duke3D
and others.

I second this, I think it would be a great idea to have a couple of
non-bbs related file areas, and a gaming one would be great. Especially
if it encouraged people to make new games / mods for games etc.

I suppose the IMGE and TEXT aren't specifically BBS related, with IMGE
getting wallpapers etc. One thing I'd love to see is some sort of "new"
demo scene. like those old school BBS ads with the floaty text? Imagine
what you could do nowdays with SDL etc.

Just outlets for peoples creativity really.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!|07


--- Talisman v0.20-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

Am 05.05.21 schrieb Oli@21:3/102 in FSX_NET:

Hallo Oli,

The only thing I'm thinking about:
- Consolidate the several BBS software support echos into FSX_BBS

Why? What is the disadvantage of low-traffic echos? It's not that echomail areas are a limited resource.

That's true, indeed. It was just a thought :)

At least keep FSX_MYS seperate or 90% of the messages in FSX_BBS would be about Mystic.

Okay, that might also be true, yes.
Then I take back my suggestion :)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

On 05 May 2021, Avon said the following...

a game echo and some file bases appeals.. I was think also for other
echos perhaps something that covers Marvel/DC comics/movies etc... and something about Space stuff so SpaceX,Nasa etc... anyway I'll be quiet again.

i have noticed that fsxNet seems to be largely technical and lacking of a 'entertainment' sort of echo. the general echo seems to be a stand in for just about everything.

that said i haven't noticed a time where i was like "all of these movie messages.. i wish they were going somewhere else so i didn't have to sift through them"

--- Mystic BBS v1.12 A47 2021/04/20 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi (21:1/616)

On 05 May 2021, apam said the following...

It also allows others to filter out what might otherwise be noise to
them, I'm sure there are plenty of mystic users who couldn't care less about talisman posts, and vice versa. It's not a bad thing, just not everyone wants to spend their time on everything.

i like to keep up to date, as with anything. so i read those. but i carefully read the mystic ones with the intent to potentially be helpful. if there's much of a difference there.. hah

--- Mystic BBS v1.12 A47 2021/04/20 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi (21:1/616)

fusion wrote (2021-05-05):

i have noticed that fsxNet seems to be largely technical and lacking of a 'entertainment' sort of echo. the general echo seems to be a stand in for just about everything.

that said i haven't noticed a time where i was like "all of these movie messages.. i wish they were going somewhere else so i didn't have to sift through them"

+1

---
* Origin: . (21:3/102)

*** Quoting fusion from a message to Avon ***

i have noticed that fsxNet seems to be largely technical and lacking
of a 'entertainment' sort of echo. the general echo seems to be a
stand in for just about everything.

that said i haven't noticed a time where i was like "all of these
movie messages.. i wish they were going somewhere else so i didn't
have to sift through them"

If people would update the subjects on their messages, that could make things somewhat easier. I'm guilty of it myself.

I don't know about making it a "rule" per say, more of a courtesy I suppose.


Jay

... Friends may come and friends may go, but enemies accumulate

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

Black Panther wrote to Avon <=-

more hours in the day

I think this one would apply to FSX and BBSing also. :)



... Computer Hacker wanted. Must have own axe.
--- MultiMail
* Origin: Possum Lodge South * possumso.fsxnet.nz:7636/SSH:2122 (21:4/134)

Re: fsxNet Feedback
By: Oli to Avon on Tue May 04 2021 03:21 pm

1) Long names for the echomail areas:

+1 for this. Artificially truncating every area name to a 3 character tag-suffix (i.e. FSX_xxx) is a recipe for confusion. FidoNet area tags of up to 35 characters in length are supported, so might as well use more of them.
--
digital man

This Is Spinal Tap quote #26:
David St. Hubbins: They were still booing him when we came on stage.
Norco, CA WX: 83.1°F, 35.0% humidity, 6 mph E wind, 0.00 inches rain/24hrs

Al wrote to Avon <=-

We could use more areas, just what areas I am not sure. I wouldn't want
to see a long list of areas that are not used but a healthy list of
areas where people can talk about... things. :)

Agreed. If I miss a couple of days I can have a couple of hundred messages waiting in FSX_GEN. It'd be nice to split them up into other echoes, but I don't have an idea as to how to do that, either.

There are worse problems for a network to have.



... Change ambiguities to specifics
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

Re: fsxNet Feedback
By: Al to Avon on Wed May 05 2021 02:58 am

I have been thinking of starting a new FDN for gaming related files. I am something of a gamer. I like games like Doom, Quake, Unreal, Duke3D and others.

Isnt that gamenet?

...δεσ∩

... He who dies with the most TAGLINES wins!
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: fsxNet Feedback
By: deon to Al on Thu May 06 2021 02:21 pm

Isnt that gamenet?

I don't actually know what is going on in gamenet these days. I still get applications for gamenet from time to time but I have no access to the server anymore so I ask those applicants to send their app to Marissa.

I still poll the gamenet hub for netmail if that ever happens but I haven't got a netmail for a long time and I'm not sure how that is all setup now.

But no, what I was speaking of is something we may do here, we'll have to see how all this feed back and stuff shakes out.

Ttyl :-),
Al
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Hello Al.

05 May 21 22:08, you wrote to deon:

@BBSID: TRMB
Re: fsxNet Feedback
By: deon to Al on Thu May 06 2021 02:21 pm

Isnt that gamenet?

I don't actually know what is going on in gamenet these days. I still
get applications for gamenet from time to time but I have no access to
the server anymore so I ask those applicants to send their app to
Marissa.

I still poll the gamenet hub for netmail if that ever happens but I
haven't got a netmail for a long time and I'm not sure how that is all setup now.

But no, what I was speaking of is something we may do here, we'll have
to see how all this feed back and stuff shakes out.

Ttyl :-),
Al

i tried to apply at Marissa, but no response :(

Daniel

--- GoldED/2 3.0.1
* Origin: Roon's BBS - Budapest, HUNGARY (21:4/148)

Re: fsxNet Feedback
By: Daniel Path to Al on Thu May 06 2021 09:40 am

i tried to apply at Marissa, but no response :(

I wish I could say more but without access to the server I could only guess.

Marissa had questions about QWK/FTN networking that I answered and helped her with the initial setup.

The idea of gamenet was a good workable idea, I think. I hope she will continue with it, and keep an eye on things that need looking at from time to time.

Ttyl :-),
Al

... Baroque: When you are out of Monet.
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

On 05 May 2021 at 05:00p, poindexter FORTRAN pondered and said...

messages waiting in FSX_GEN. It'd be nice to split them up into other echoes, but I don't have an idea as to how to do that, either.
There are worse problems for a network to have.

Many thanks to everyone who took the time to reply to this thread. If you
have not yet, do feel free to do so.

It's Sat morning here and I have a full day coming up. What I am planning to
do next is to try and spend some time tonight to write up all the feedback
and then post a summary of it here to ensure I have captured the main themes etc. correctly.

Once that's done (and I have checked in again that I have it summarized correctly with the group) I'll look to respond to all the feedback and then start to progress suggested items I'd like to advance.

Thanks again for this feedback. It's very helpful.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 08 May 2021 at 09:23a, Avon pondered and said...

Many thanks to everyone who took the time to reply to this thread. If you have not yet, do feel free to do so.

It's Sat morning here and I have a full day coming up. What I am
planning to do next is to try and spend some time tonight to write up
all the feedback and then post a summary of it here to ensure I have captured the main themes etc. correctly.

I'm a day late - Saturday turned out to be busy... and today is not much
better :)

Here's the summary of what we've put forward thus far. I've tried to capture things underneath certain themes/headings and where there have been similar
"I agree" comments by others I have added a +1 to some statements.

Have a read through and if anyone spots something I have misinterpreted or misunderstood please let me know.

If there's anything missing from this brain dump of feedback etc. also let me know.

After a few more days to ensure this is correct my next steps will be to respond to it all and try to put some order around what we can work on addressing first, second etc.

Thanks again for taking the time to respond to the request for feedback. It's really appreciated.

Best, Paul


[snip]

General Feedback
================

fsxNet has grown, not a bad thing but at times feels less close knit
(+1 agree - think it's not a bad thing)

Things are going well.

Enjoying reading echomail and nothing else to add.

More beer.

Nice network, welcoming to people, not narrow minded nor overly strict with rules etc.

Like it a lot.

One of the more active networks.

A great net, has been since joined it.

If it ain't broke, don't fix it. It ain't broke.

Echomail
========

Is there a need for separate BBS echos? Could they be merged
to one? (+1 agree).

Could use more echomail areas, not a huge number but more than we have at present where we can talk about other things (+1 nice to see gen echo split
up into a few more).

Could we have other echos to cover non-technical hobbies / projects?
Add a retro computing echo? (+1 agree).

Gaming related echos? (+1 agree).

Long names for echomail tags (+1 agree - 35 avail chars, let's use them).

Low echomail echos are OK, quite like the separation of BBS info, good idea
to keep them or at least the Mystic echo.

fsxNet seems largely technical and lacking an entertainment
sort of echo (+1 agree).

Better message threading for posts would be good. Is there a problem in
fsxNet FTN?

Discussions in fsxNet
=====================

The 'no politics / religion' request in fsxNet housekeeping is working well.

Discussions on politics and religion have led to some clashes in the past.

Perhaps more moderation required / designated moderators (HUB admins?) to
hand out reminders about re bad behaviour.

I wish people would update the subjects on their messages, would make
following stuff easier, I'm guilty of doing this too.

Security / Privacy
==================

Binkp secure encryption for all hubs.

Better privacy.

SSH officially supported.

SSH for specific echos.

Documentation
=============

Docs for InterBBS games. especially Synchronet BBS setup would be great.

File Bases / Distribution
=========================

FDN for gaming related files (+1 agree).

[snip]

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Re: fsxNet Feedback
By: Avon to All on Sun May 09 2021 01:51 pm

Is there a need for separate BBS echos? Could they be merged
to one? (+1 agree).

-1

I don't think individual areas for different software is a bad thing and folks can connect or not as they choose.

It's good for those developing anything to have a place to discus their goings on and things they'd like to work on/progress away from other discussions.

I like the FSX_BBS area for things that relate to all BBS software and tools used to do that but I still think and area for each software is a good thing when authors/users can use it.

Ttyl :-),
Al

... DO {nothing} WHILE (HearFromMe==0)
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Avon around Sunday, May 9th...

Thanks again for this feedback. It's very helpful.

Thanks Avon!


--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Am 09.05.21 schrieb Avon@21:1/101 in FSX_NET:

Hallo Avon,

Here's the summary of what we've put forward thus far.

[...]

Thank you very much for your work to ensure this network is alive and kicking!

Best regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

*** Quoting Avon from a message to All ***

Security / Privacy ==================
Binkp secure encryption for all hubs.
Better privacy.
SSH officially supported.
SSH for specific echos.

There would probably need to be more discussion around this. I'm all for adding privacy/encryption to things, but it's only as strong as its weakest link. I'm not sure echomail was ever designed with privacy in mind.

System A could be well secured with binkp encryption & SSH access; the
message is written on the BBS over SSH & transfered to its hub with encrypted binkp, so far so good. System B then picks that message up from the same (or another hub) over an unencrypted channel (bink, ftp, frontdoor, etc) while System C simply has all if its message bases accessible on a web http/https interface (intentionally or otherwise) that is then indexed by Google.

Sure there could be a policy put in place that FSX_SECURE is only to be made available over SSH connections, e.g: s20OS on Mystic, which would mean my Telegard system couldn't carry it it all, but then how can you enforce that it's only distributed over secure bink connections?

Again, I'm all for privacy/encryption but I'm not sure the purpose of it on
an echomail network, other than keeping our credentials secure when connecting to our uplinks.


Jay

... I once boxed a pirate, he had a strong right hook

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

Re: Re: fsxNet Feedback
By: Warpslide to Avon on Sun May 09 2021 06:02 am

Security / Privacy ==================
Binkp secure encryption for all hubs.
Better privacy.
SSH officially supported.
SSH for specific echos.

There would probably need to be more discussion around this. I'm all for adding privacy/encryption to things, but it's only as strong as its weakest link. I'm not sure echomail was ever designed with privacy in mind.

BBSs were pretty secure back in the day. There was no http, ftp, gopher or any internet involved. There was simply a BBS login.. :)

Even back then there was really no privacy, even in netmail. These mails even if not in the message base exist in files at least until they leave the system.

Mystic's ability to encrypt netmail between (when supported) nodes is the closest thing I have seen to complete privacy in netmail.

We can provide echo areas and netmail, but not privacy. Not today.

Ttyl :-),
Al

... I'm working on my 2nd $million... Gave up on the 1st.
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

*** Quoting Al from a message to Warpslide ***

BBSs were pretty secure back in the day. There was no http, ftp,
gopher or any internet involved. There was simply a BBS login.. :)

That's a good point. A lot of the technology we're working with here was designed in an age of point-to-point dialup connections.

We can provide echo areas and netmail, but not privacy. Not today.

And lets assume for a moment we have such an echo available, and it's configured correctly on every system. What do we talk about there? I'm not sure what I type on my keyboard varies that much based on if the channel is encrypted, except perhaps if I'm entering a credit card number.


Jay

... What do you call and alligator in a vest? An investigator

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

BY: Warpslide(21:3/110)


|11W|09> |10Al> BBSs were pretty secure back in the day. There was no http, ftp,|07
|11W|09> |10Al> gopher or any internet involved. There was simply a BBS login.. :)|07
|11W|09> |07
|11W|09> |10That's a good point. A lot of the technology we're working with here|07
|11W|09> |10was |07
|11W|09> |10designed in an age of point-to-point dialup connections.|07

We also need to keep in mind the variety of BBS platforms that are out there. Not all systems are capable of the same things, such as certain echos over ssh.

Any changes/requirements need to be platform-agnostic.

I don't see security as a real issue here. There's very little to be found in the user list of a BBS that would compromise anything. I don't require anything that would be considered PII. I ask for Real Name, city/state, and birthdate, but they aren't required. If a user doesn't want to give their real name, I just ask that it at least be real-sounding.

-Craig

/-------------------------------------------------------------\
| The Trading Post [SOUTH] BBS - Telnet: ttps.dyndns.org:2323 |
| WWIVNet - Fidonet - StarNet - FSXNet - SFNet |
| HobbyNet - PiNet | \-------------------------------------------------------------/


--- WWIV 5.7.1.0001
* Origin: ** The Trading Post [SOUTH] BBS -=- Columbia, SC ** (21:1/207)

Re: Re: fsxNet Feedback
By: Warpslide to Avon on Sun May 09 2021 06:02 am

*** Quoting Avon from a message to All ***

Security / Privacy ==================
Binkp secure encryption for all hubs.
Better privacy.
SSH officially supported.
SSH for specific echos.

There would probably need to be more discussion around this. I'm all for adding privacy/encryption to things, but it's only as
strong as its weakest link. I'm not sure echomail was ever designed with privacy in mind.

Sure there could be a policy put in place that FSX_SECURE is only to be made available over SSH connections, e.g: s20OS on Mystic,
which would mean my Telegard system couldn't carry it it all, but then how can you enforce that it's only distributed over secure
bink connections?

There is actually (I think) a very easy way to secure "the network", and I believe that will work for any BBS (new and old) that is using an IP transport. Which is something like ZeroTier. I have it on my BBS, and an othernet has it active between the hubs (my hub being binkd/hpt, and the other hubs being mystic.)

But security/privacy comes with an extra level of maintenance - which is, as you say, only as secure/private as the weakest link. So while I think we can offer it, its all in, if you want to have the comfort of it being it.

(The other benefit of something like ZeroTier, is it, by implementation knocks out all the script kiddies polling and hammering your ports - but then you add an extra level configuration required if you want a wandering visitor to visit your BBS.)

...δεσ∩

... Be wary of strong drink. It can make you shoot at tax collectors and miss --- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Hello Warpslide!

** On Sunday 09.05.21 - 07:09, Warpslide wrote to Al:

We can provide echo areas and netmail, but not privacy.
Not today.

One way to do it might be to have echos using gpg/pgp.

It's easy to define a group in gpg:

edit gpg.conf
add the following line at the end of the file

group fsx_net = fingerprint1 fingerprint2 fingerprints

Then, create the message blocks using the group name.

And lets assume for a moment we have such an echo
available, and it's configured correctly on every system.
What do we talk about there? I'm not sure what I type on
my keyboard varies that much based on if the channel is
encrypted, except perhaps if I'm entering a credit card
number.

The content doesn't matter. What matters is that access to an
echo is controlled by its members.


--- OpenXP 5.0.49
* Origin: Ogg's WestCoast Point (21:4/106.21)

Al wrote to Avon <=-

Re: Re: fsxNet Feedback
By: Avon to All on Sun May 09 2021 01:51 pm

Is there a need for separate BBS echos? Could they be merged
to one? (+1 agree).

-1

I don't think individual areas for different software is a bad thing
and folks can connect or not as they choose.

-1, i.e. I agree with Al on this one.


... DalekDOS v(overflow): (I)Obey (V)ision impaired (E)xterminate
--- MultiMail
* Origin: Possum Lodge South * possumso.fsxnet.nz:7636/SSH:2122 (21:4/134)

On 09 May 2021 at 01:51p, Avon pondered and said...

Here's the summary of what we've put forward thus far. I've tried to

[snip]

If there's anything missing from this brain dump of feedback etc. also
let me know.

After a few more days to ensure this is correct my next steps will be to respond to it all and try to put some order around what we can work on addressing first, second etc.

Final call for anything else you want to add. I plan to circle back to this thread in the coming day or so.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Re: fsxNet Feedback
By: Avon to All on Thu May 13 2021 09:00 pm

Final call for anything else you want to add. I plan to circle back to this thread in the coming day or so.

A file area for themes perhaps.

It's out of my own skill set but that could be useful.

Ttyl :-),
Al

... Help stamp out, eliminate and abolish redundancy!
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

On 13 May 2021 at 04:43p, Al pondered and said...

A file area for themes perhaps.
It's out of my own skill set but that could be useful.

Do you mean BBS themes, menus and ANSIs etc.?

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Re: fsxNet Feedback
By: Avon to Al on Fri May 14 2021 11:47 am

Do you mean BBS themes, menus and ANSIs etc.?

Yes, mystic has a new themes setup that folks can use to build their own themes.

Synchronet also can do that although it works in it's own way.

I was thinking of a file area where these sort of files could be shared when authors want to do that.

Ttyl :-),
Al

... Experience is something you don't get until just after you need it.
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

On 13 May 2021 at 04:54p, Al pondered and said...

Yes, mystic has a new themes setup that folks can use to build their own themes.
Synchronet also can do that although it works in it's own way.
I was thinking of a file area where these sort of files could be shared when authors want to do that.

Gotcha, thanks :)

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 13 May 2021 at 09:00p, Avon pondered and said...

Final call for anything else you want to add. I plan to circle back to this thread in the coming day or so.

OK here's the final version of the feedback received to date. For things that have been posted since I published the first summary of feedback I have prefaced them with a # so you can see they are new.

In the coming day or so I'll work on a response to the themes and ideas
raised and post my comments here. We can progress stuff from there. In some cases I think we can kick on and do some things quite quickly. Other ideas raised I think will need more discussion (not a bad thing) before we progress them.

Anywhoo... here's the final summary as it stands on 14/5/21 here in NZ.

[snip]

General Feedback
================

fsxNet has grown, not a bad thing but at times feels less close knit
(+1 agree - think it's not a bad thing)

Things are going well.

Enjoying reading echomail and nothing else to add.

More beer.

Nice network, welcoming to people, not narrow minded nor overly strict with rules etc.

Like it a lot.

One of the more active networks.

A great net, has been since joined it.

If it aint broke, don't fix it. It aint broke.

# Thank you very much for your work to ensure this network is alive and kicking!

# Thanks Avon!



Echomail
========

# Is there a need for separate BBS echos? Could they be merged to one?
(+1 agree, -2 disagree)

# Individual echos for different software is not a bad thing. It's good to
have separate places to discuss development etc. for specific software

Could use more echomail areas, not a huge number but more than we have at present where we can talk about other things (+1 nice to see gen echo split
up into a few more).

Could we have other echos to cover non-technical hobbies / projects?
Add a retro computing echo? (+1 agree).

Gaming related echos? (+1 agree).

Long names for echomail tags (+1 agree - 35 avail chars, let's use them).

Low echomail echos are OK, quite like the separation of BBS info, good idea
to keep them or at least the Mystic echo.

fsxNet seems largely technical and lacking an entertainment
sort of echo (+1 agree).

Better message threading for posts would be good. Is there a problem in
fsxNet FTN?

Discussions in fsxNet
=====================

The 'no politics / religion' request in fsxNet housekeeping is working well.

Discussions on politics and religion have led to some clashes in the past.

Perhaps more moderation required / designated moderators (HUB admins?) to
hand out reminders about re bad behaviour.

I wish people would update the subjects on their messages, would make
following stuff easier, I'm guilty of doing this too.

Security / Privacy
==================

Binkp secure encryption for all hubs.

Better privacy.

SSH officially supported.

SSH for specific echos.

# More discussion needed around these points. It's only as strong as weakest link and echomail may not have been designed with privacy in mind. How best
to enforce an echomail area only available via SSH?

# We can offer echos and netmail but not privacy

# What would we talk about in a 'secure' echomail area?

# Not all systems could handle echomail over SSH, changes/requirements should be platform-agnostic. Don't think security in FTN echomail is an issue.

# We could choose to 'secure' the network using something like ZeroTier

# Perhaps use gpg/pgp. Echomail content doesn't matter - what matters is an echo controlled by it's members.

Documentation
=============

Docs for InterBBS games. especially Synchronet BBS setup would be great.

File Bases / Distribution
=========================

FDN for gaming related files (+1 agree).

# File area for BBS themes (menus, ANSI, ascii etc.)

[snip]

Best, Paul

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote (2021-05-14):

Security / Privacy
==================

Binkp secure encryption for all hubs.

Better privacy.

SSH officially supported.

SSH for specific echos.

# More discussion needed around these points. It's only as strong as weakest link and echomail may not have been designed with privacy in
mind. How best to enforce an echomail area only available via SSH?

What nobody mentioned was privacy regarding privacy laws and meta data. I know many (especially people from countries who don't have strict privacy regulations) argue that BBS are all private and stuff or privacy laws don't apply. Unfortunately or fortunately (depends on your point of view) this is not the case.

There are several aspects where the current practice in fsxNet and the BBSs connected to it are not compatible with the GDPR in the EU (General Data Protection Regulation) (I guess there are other countries with strict privacy laws that might apply too).

I see three ways to address it:

1) ignore it
2) refuse service to users from the EU (nodes, points, BBS users)
3) make fsxNet and BBSs adhere to the GDPR


Now we can jump directly to the discussion why BBSs are different and why there is no need to care about GDPR and stuff ... ;)



Regarding security and transport encryption (CRYPT / TLS / SSH): I wouldn't trust collaborative security measures that only try to encrypt the traffic. If you want private conversations that don't leak, you always can setup private feeds between nodes and points and crash netmail. Or use some kind of e2e encryption. Some sysop / BBS / web echomail will offer it unencrypted or feed it to the Google at some point. Encrypt everything (TLS / SSH) is still good practice.

# We could choose to 'secure' the network using something like ZeroTier

I used ZeroTier and it's quite easy to setup and works, but I dislike the idea to use a commercial provider for the basic infrastructure. FTN is DIY.

# We can offer echos and netmail but not privacy

In some countries you are not allowed to offer anything then.

---
* Origin: . (21:3/102)

There are several aspects where the current practice in fsxNet and the
BBSs connected to it are not compatible with the GDPR in the EU
(General Data Protection Regulation) (I guess there are other
countries with strict privacy laws that might apply too).

I don't really understand how european laws are enforcable in
non-european nations? If the BBS was in europe, sure, they must comply to european laws, but if a BBS is in another country.. do we have
international agreements to honour GDPR laws? Am I going to get
extradited from Australia if a European user logs into my BBS?

I don't see any need to block europeans from fsxnet / BBSing, it's up to
them to comply with their own laws. What's to stop a european from
logging into a BBS via a proxy even if we did block them all out?

Ok, now say we care about the GDPR, how do we comply? is it simply a
matter of having a privacy policy?

Personally, I don't care. I'm not in europe, I'm never going to europe,
and I'm kind of offended that europeans think they can enforce their
moronic laws on the entire world?

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!|07


--- Talisman v0.21-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

Re: fsxNet Feedback ("Privacy")
By: Oli to Avon on Fri May 14 2021 08:05 am

# We could choose to 'secure' the network using something like ZeroTier

I used ZeroTier and it's quite easy to setup and works, but I dislike the idea to use a commercial provider for the basic infrastructure. FTN is DIY.

You dont have to use "a provider" with ZeroTier.

I run a ZeroTier network that is independant of "zerotier" (the provider) itself.

While you may argue that you "find" me through their root server (which is the default) - it doesnt "have" to operate that way. I can populate a "moon" that you "orbit" around (their terms, not mine) so that zerotier can be turned off and our connection still works.

I know ZeroTier were working on personal "roots" so that this moon thing has a less of a value (and they are no longer a sudo dependancy). (I havent kept up with it recently though.)

The other good thing, with ZeroTier, you dont necessarily provide anybody on the network (who needs to be authorised if it is configured to do so), to see everything on all ports. You can firewall it to a certain extent (at the network layer), such that only specific ports are permitted on the network. (I did setup the FSX zerotier network this way.) (You could also have your own running firewall as well if you wanted.)

...δεσ∩

... MONEY TALKS...but all mine ever says is GOODBYE!
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: fsxNet Feedback ("Privacy")
By: apam to Oli on Fri May 14 2021 05:19 pm

I don't really understand how european laws are enforcable in
non-european nations? If the BBS was in europe, sure, they must comply to european laws, but if a BBS is in another country.. do we have
international agreements to honour GDPR laws? Am I going to get
extradited from Australia if a European user logs into my BBS?

Well, "technically" the GDPR applies to any system that has a european who uses it - including those outside of Europe. But your point is valid - are they going to come after you apam, and fine you because your "BBS" has europeans on it and you are not following the law.

I personally dont care too much about it - european or not. If we in Australia had such a thing I dont think I would behave differently.

My response would be, "you have the choice to login or not - you have no rights here (but I'll do my best to respect you, if you do too)."

...δεσ∩

... The purpose of computing is insight, not numbers.
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

apam wrote (2021-05-14):

There are several aspects where the current practice in fsxNet and the
BBSs connected to it are not compatible with the GDPR in the EU
(General Data Protection Regulation) (I guess there are other
countries with strict privacy laws that might apply too).

I don't really understand how european laws are enforcable in
non-european nations? If the BBS was in europe, sure, they must comply to european laws, but if a BBS is in another country.. do we have international agreements to honour GDPR laws? Am I going to get
extradited from Australia if a European user logs into my BBS?

You are free to give a shit, I also don't see that it is enforceable (in the case of a BBS operating outside of the EU). It also will get more confusing, when other countries will introduce similar, but slightly different regulations and laws. I'm not sure how individuals and small organizations will be able to handle it (it's already a problem).

I don't see any need to block europeans from fsxnet / BBSing, it's up to them to comply with their own laws. What's to stop a european from
logging into a BBS via a proxy even if we did block them all out?

You still violating the GDPR, if you don't comply (without any consequences for you). But for sysops / nodes / hubs / bbs who are operating in the EU, it might me a problem.

Ok, now say we care about the GDPR, how do we comply? is it simply a
matter of having a privacy policy?

Personally, I don't care. I'm not in europe, I'm never going to europe,
and I'm kind of offended that europeans think they can enforce their moronic laws on the entire world?

So you don't know the GDPR, but you know it is a moronic law? I wonder how a non-moronic law would look like and work.


The basic rules are:

- don't store and process personal data that are not technical essential
- get informed consent for the storage and processing of personal data in advance
- don't make optional (non-essential) personal data a condition (as in non-optional) for using the service
- don't leak / transmit personal data to third parties (without informed consent)

or something like this.

I privacy policy that says: agree to everything or leave is most likely not sufficient (and harmful to the idea of data protection). On the other hand I would find it acceptable to read the message: this is a private BBS. I'm unable to become an expert in every fucking data protection law in every country in my limited free time. If your not from Australia, disconnect or live with the consequences ... ;).

---
* Origin: . (21:3/102)

So you don't know the GDPR, but you know it is a moronic law? I wonder
how a non-moronic law would look like and work.

Hmm, I'm not a lawyer (are you?), so no I don't know all about it... I
know it's effects though, in that we're even having this conversation
about blocking people in europe from a BBS because "privacy" ....

- don't store and process personal data that are not technical
essential

So no wishing users happy birthday. No last 10 callers that include a "location" no real names? All these things are easily faked by anyone who
is concerned about their privacy.. the only thing technically essential
is a username and password.. and I'm not sure that is personal?

- get informed consent for the storage and processing of personal data
in advance

Ok, so privacy policy... here is a legal mumbo jumbo for you to say yes
too if you want to access the service... who reads those? and those who
don't read them, can they complain they are uninformed?

- don't make optional (non-essential) personal data a condition (as in non-optional) for using the service

Ok. But it's my service. not yours, if you want to access my service why
to you get to dictate the rules?

- don't leak / transmit personal data to third parties (without
informed consent)

This one is good, I like this one.

Andrew
--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!|07


--- Talisman v0.21-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

deon wrote (2021-05-14):

# We could choose to 'secure' the network using something like
ZeroTier

I used ZeroTier and it's quite easy to setup and works, but I
dislike the idea to use a commercial provider for the basic
infrastructure. FTN is DIY.

You dont have to use "a provider" with ZeroTier.

I run a ZeroTier network that is independant of "zerotier" (the provider) itself.

Is it completely independent?

Wikipedia tells me: "Virtual networks are created and managed using a ZeroTier controller. Management is done using an API, proprietary web-based UI (ZeroTier Central), open-source web-based or CLI alternative. Using root servers other than those hosted by ZeroTier Inc. is *impeded* by the software's license.

While you may argue that you "find" me through their root server (which
is the default) - it doesnt "have" to operate that way. I can populate a "moon" that you "orbit" around (their terms, not mine) so that zerotier
can be turned off and our connection still works.

I know ZeroTier were working on personal "roots" so that this moon thing has a less of a value (and they are no longer a sudo dependancy). (I
havent kept up with it recently though.)

root, moons, orbits, ... contr

The other good thing, with ZeroTier, you dont necessarily provide anybody on the network (who needs to be authorised if it is configured to do so), to see everything on all ports. You can firewall it to a certain extent
(at the network layer), such that only specific ports are permitted on
the network. (I did setup the FSX zerotier network this way.) (You could also have your own running firewall as well if you wanted.)

Can I configure the ports or has the admin the power to change the rules at will?

Is it possible to use ZeroTier in a really decentralized way?

---
* Origin: . (21:3/102)

Re: fsxNet Feedback (ZeroTier)
By: Oli to deon on Fri May 14 2021 11:19 am

Is it completely independent?

Yes - https://www.zerotier.com/manual/#4_4

Wikipedia tells me: "Virtual networks are created and managed using a ZeroTier controller. Management is done using an API,
proprietary web-based UI (ZeroTier Central), open-source web-based or CLI alternative. Using root servers other than those hosted by
ZeroTier Inc. is *impeded* by the software's license.

It seems illogical to impede the use of their roots via the software license, when their documentation tells you how to do it (via moons).

Can I configure the ports or has the admin the power to change the rules at will?

The owner of the network controls the ports for the network. But you with a (virtual) interface to the network can apply your OS level firewalling - in the same way you may want to firewall one host from another on the same ethernet network.

Is it possible to use ZeroTier in a really decentralized way?

Yes, I believe so - even though I've not actually tried it with any system not connected to the internet.

The concept is similar to DNS - my DNS server isnt authoritive for .de domains - it finds them via "known" root servers and thus can resolve .de addresses. OR if I configure my DNS server directly with the information of the root .de TLD, it doesnt need to query the known roots to find them.

So I run my own controller, configure my own network on that controller and you as an endpoint can find my network, directly if you configure my "moon" or indirectly via the root servers (aka planets). If zerotier shuts down their root servers, you will still continue to function if you have my moon configured.

...δεσ∩

... Elevators smell different to midgets
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

deon wrote (2021-05-14):

Is it completely independent?

Yes - https://www.zerotier.com/manual/#4_4

not convinced yet.

Wikipedia tells me: "Virtual networks are created and managed using
a ZeroTier controller. Management is done using an API, proprietary
web-based UI (ZeroTier Central), open-source web-based or CLI
alternative. Using root servers other than those hosted by ZeroTier
Inc. is *impeded* by the software's license.

It seems illogical to impede the use of their roots via the software license, when their documentation tells you how to do it (via moons).

I agree. It also would not qualify as Open Source software / license.

Can I configure the ports or has the admin the power to change the
rules at will?

The owner of the network controls the ports for the network. But you with
a (virtual) interface to the network can apply your OS level firewalling
- in the same way you may want to firewall one host from another on the same ethernet network.

The owner of the network can also set other funky rules:

*Tap all of the traffic!*
Another incredibly powerful feature of ZeroTier is the ability to tap the entire network regardless of how widely distributed its nodes are. Using the tee ability within a flow rule essentially copies every frame sent/received by nodes on the network and sends it to a node of your choice such as an IDS or full packet capture solution such as Moloch.
from: https://blog.reconinfosec.com/locking-down-zerotier/

see also: https://www.zerotier.com/2016/08/31/capability-based-security-for-virtual-networks/
headline "Global Rules and Security Monitoring"

Is there a way to prevent this?

Is it possible to use ZeroTier in a really decentralized way?

Yes, I believe so - even though I've not actually tried it with any
system not connected to the internet.

[...]

If zerotier
shuts down their root servers, you will still continue to function if you have my moon configured.

It's still kind of centralized (your moon).

---
* Origin: . (21:3/102)

Oli wrote to deon <=-

[snip]

I agree. It also would not qualify as Open Source software / license.

Just to try and help offer another possible solution to this issue as a
network engineer:

Why not investigate OpenVPN? A dedicated hub feed to a european hub
can set up DNS locally to feed a hub in europe over OpenVPN using either
TCP or UDP and choose ports, and maintain custom certs that may have a long expiration date on them... and then it'd be up to that european hub to
feed the rest of europe - insuring that their laws are followed.

Of course since the feed just got turned on today for me I may have missed a good part of the context of the thread but from what I did see this seems
like it could be a possible solution if deployed properly.



... Internal Error: The system has been taken over by sheep at line 19960
--- MultiMail/Linux v0.52
* Origin: Carnage - risen from the dead now on SBBS (21:4/107)

Re: fsxNet Feedback (ZeroTier)
By: Oli to deon on Fri May 14 2021 08:31 pm

Another incredibly powerful feature of ZeroTier is the ability to tap the entire network regardless of how widely distributed its
nodes are. Using the tee ability within a flow rule essentially copies every frame sent/received by nodes on the network and sends it
to a node of your choice such as an IDS or full packet capture solution such as Moloch.
from: https://blog.reconinfosec.com/locking-down-zerotier/

see also: https://www.zerotier.com/2016/08/31/capability-based-security-for-virtual-networks/
headline "Global Rules and Security Monitoring"

Is there a way to prevent this?

I dont see this as an issue, it would be no differnet to tcpdump -ni eth0:

a) You can firewall what goes into the interface (aka the network) - as well as firewall what is coming to you.

b) Communications is peer to peer - the network (like the DNS analogy I gave) provides a way for you to find me. Once you do, you communicate directly to me (not via the planets and moons).

c) Communications between you and me is encrypted - with a key that you an I create once you find me. (This part I may have misread - and in fact the key may be the network key that all members have joined.)

While still a "VPN" - it is still semi public, so you still have obligations. Their are people you dont know on the network - but not *anybody* - the network "admin" can choose to "authorise" (or not) those requesting to join it.

So in the case of a

It's still kind of centralized (your moon).

If you are on "my" network, sure. But if you created your own network you have no dependancy (if you choose so) to use my moon. You could deploy your own.

...δεσ∩

... Wait! You have not been prepared! Mr. Atoz, stardate 3113.2.
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: fsxNet Feedback (ZeroTier)
By: deon to Oli on Sat May 15 2021 09:44 am

So crap, hit something and my last message was sent..

While still a "VPN" - it is still semi public, so you still have obligations. Their are people you dont know on the network - but not
*anybody* - the network "admin" can choose to "authorise" (or not) those requesting to join it.

So in the case of a

So in the case of a "network" setup for "fsx" - the network admin would authorise nodes to access the "fsx" network (I would suggest based on their application to join the network) - and de-authorise them when they leave the network.

We are still strangers here, but we are a list of known strangers and we can identify who is doing something in appropriate on the network and take action if that is deemeed the right response. But at the same time, our conversations and traffic is encrypted from the outside world.

Anybody outside of the network cant get to our systems and do stuff (which is the script kiddies reference I made when I started this thread).

...δεσ∩

... Committees: A group that takes minutes and wastes hours.
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: fsxNet Feedback (ZeroTier
By: N1uro to Oli on Fri May 14 2021 06:04 pm

Howdy,

Why not investigate OpenVPN? A dedicated hub feed to a european hub

Good suggestion, but I dont think it would be a scalable option.

OpenVPN is not point to point, but rather point to Hub. And sure an OpenVPN network could be created so that each hub was an OpenVPN hub, but then me communicating to you (eg: crashing something to you) is dependant on our hubs being up.

ZeroTier is peer to peer - so if you are a node, and I am a node, we can find each other. While we find each other via the root nodes (called planets) provided by zerotier itself - we could also find each other via "our" roots (called moons) - and each hub could be a moon as well as anybody else who wanted to be one.

You only need to find one active moon to find me.

...δεσ∩

... Nothing is true. Everything is permitted.
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Hello deon;

deon wrote to N1uro <=-

OpenVPN is not point to point, but rather point to Hub. And sure an OpenVPN network could be created so that each hub was an OpenVPN hub,
but then me communicating to you (eg: crashing something to you) is dependant on our hubs being up.

Any VPN has to have some sort of a hub. Even ZeroTier. At least with OpenVPN it's open source, and we could customize it to how we see fit and we need
not announce which port or which protocol type we decide to use.

ZeroTier is peer to peer - so if you are a node, and I am a node, we
can find each other. While we find each other via the root nodes
(called planets) provided by zerotier itself - we could also find each other via "our" roots (called moons) - and each hub could be a moon as well as anybody else who wanted to be one.

The root nodes in this case would be hubs. There needs to be a central point within each network to host and serve the proper security certs. Even with OpenVPN, a point/node would still be able to see another point/node within the private IP network. That would be the purpose of designing it with a wide enough subnet so everyone could fit in.

You only need to find one active moon to find me.

With full control over our own VPN and DNS, it'd be a no brainer not to
at the minimum do a full investigation of such a setup.

</$0.02> :)

... G*t th*s* trib*les out*of m* ta*-lin* n*w!
--- MultiMail/Linux v0.52
* Origin: Carnage - risen from the dead now on SBBS (21:4/107)

Re: fsxNet Feedback (ZeroTier
By: N1uro to deon on Fri May 14 2021 09:22 pm

Hi,

Any VPN has to have some sort of a hub. Even ZeroTier. At least with OpenVPN it's open source, and we could customize it to how we
see fit and we need
not announce which port or which protocol type we decide to use.

So I dont agree with you.

If traffic from A to C must go through "B", then yes, "B" is a hub.

With ZeroTier traffic goes direct A to C. B is only used for A to find C, but traffic does not go through it. (In much the same way you ("A") query a DNS server (aka "B") to find the server ("C"), a web server with your browser.)

B in this example can be ZeroTier infrastructure or your own.

The root nodes in this case would be hubs. There needs to be a central point within each network to host and serve the proper
security certs. Even with OpenVPN, a point/node would still be able to see another point/node within the private IP network. That

So no.

Like web serving - the DNS server has nothing to do with the SSL exchange that occurs when you "A" and the server "C" when you are browsing a secure website.

...δεσ∩

... Old age is life's parody.
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: fsxNet Feedback (ZeroTier)
By: deon to N1uro on Sat May 15 2021 01:26 pm

The root nodes in this case would be hubs. There needs to be a central point within each network to host and serve the proper
security certs. Even with OpenVPN, a point/node would still be able to see another point/node within the private IP network.
That

So no.

Like web serving - the DNS server has nothing to do with the SSL exchange that occurs when you "A" and the server "C" when you are
browsing a secure website.

So I'll concede a little here. "B" wont let you find "C" unless you've been authorised (if it is setup that way), and "C" knows you've been authorised, because you have a token that is signed by "B", that "C" can verify with "B"'s public cert.

So from that point of view "B" is a requirement to instigate a conversation, but not to maintain it. As an example, I have a zerotier controller that serves a network for another FTN. Over the last 6 months, that controller has been down more times than its been up (because I forget to start it), but that two systems that exchange mail over that network havent missed a beat.

(Which reminds me, I need to check its running since I've moved stuff around...)

...δεσ∩

... Diogenes is still searching.
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

deon wrote to N1uro <=-

So I dont agree with you.

That's perfectly fine and I'm happy to accept this. I will however
say that what you describe is not how I've had OpenVPN working in a
major corporate environment nor is it how IP works when you factor in the netmask of a subnet.

I'm on a subnet of 44/9 which is somewhat of a vpn minus the encryption. 44.0.0.1 is the host and where BGP is announced. My IP is 44.88.0.9 however
my path to a point in New Jersey does NOT go to 44.0.0.1, it is direct:

traceroute to wb2snn.ampr.org (44.64.10.33), 30 hops max, 60 byte packets
1 gw.n1uro.ampr.org (44.88.0.1) 5.670 ms 6.102 ms 6.095 ms
2 wb2ona.ampr.org (44.64.255.225) 41.601 ms 45.571 ms 46.421 ms

It all depends on how one sets it up.

... Book Title: Chirpin' and Jumpin': Katie Didd
--- MultiMail/Linux v0.52
* Origin: Carnage - risen from the dead now on SBBS (21:4/107)

Re: fsxNet Feedback (ZeroTier
By: N1uro to deon on Sat May 15 2021 01:13 am

Hey,

So I dont agree with you.

That's perfectly fine and I'm happy to accept this. I will however
say that what you describe is not how I've had OpenVPN working in a
major corporate environment nor is it how IP works when you factor in the netmask of a subnet.

Right I agree - I'm not talking about OpenVPN - I'm comparing it's architecture to that of ZeroTier. (I've been a long time OpenVPN user as well.)

I'm on a subnet of 44/9 which is somewhat of a vpn minus the encryption. 44.0.0.1 is the host and where BGP is announced. My IP is
44.88.0.9 however
my path to a point in New Jersey does NOT go to 44.0.0.1, it is direct:

Its direct via the "hub" though right?

44/9 includes both 44.88.0.9 and 44.0.0.1 (and 44.64.10.33)

Network: 44.0.0.0/9 00101100.0 0000000.00000000.00000000
HostMin: 44.0.0.1 00101100.0 0000000.00000000.00000001
HostMax: 44.127.255.254 00101100.0 1111111.11111111.11111110
Broadcast: 44.127.255.255 00101100.0 1111111.11111111.11111111

If you did a tcpdump -ni tun0 on 44.0.0.1 you would see the packets coming in (from your real IP) and going out again (to the other IP). Traceroute doest show it because you are not technically traversing a router (because it is a /9 network).

traceroute to wb2snn.ampr.org (44.64.10.33), 30 hops max, 60 byte packets
1 gw.n1uro.ampr.org (44.88.0.1) 5.670 ms 6.102 ms 6.095 ms
2 wb2ona.ampr.org (44.64.255.225) 41.601 ms 45.571 ms 46.421 ms

So, if you turn off 44.0.0.1, can you still ping 44.64.10.33 from 44.88.0.9?

Further the performance of your network traffic to 44.64.10.33 is limited by the your link, 44.0.0.1's link and 44.64.10.33. If any of those links gets "busy", especially 44.0.0.1 your peformance is impacted.

...δεσ∩
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Hello deon;

deon wrote to N1uro <=-

Its direct via the "hub" though right?

No it is not.

44/9 includes both 44.88.0.9 and 44.0.0.1 (and 44.64.10.33)

Network: 44.0.0.0/9 00101100.0 0000000.00000000.00000000 HostMin: 44.0.0.1 00101100.0 0000000.00000000.00000001 HostMax: 44.127.255.254 00101100.0 1111111.11111111.11111110 Broadcast: 44.127.255.255 00101100.0 1111111.11111111.11111111

Correct.

If you did a tcpdump -ni tun0 on 44.0.0.1 you would see the packets
coming in (from your real IP) and going out again (to the other IP). Traceroute doest show it because you are not technically traversing a router (because it is a /9 network).

Again semi-correct. It'd be tunl0 not tun0... and you'd want to use the ethernet interface not the tunneled interface to watch.

traceroute to wb2snn.ampr.org (44.64.10.33), 30 hops max, 60 byte packets
1 gw.n1uro.ampr.org (44.88.0.1) 5.670 ms 6.102 ms 6.095 ms
2 wb2ona.ampr.org (44.64.255.225) 41.601 ms 45.571 ms 46.421 ms

So, if you turn off 44.0.0.1, can you still ping 44.64.10.33 from 44.88.0.9?

Absolutely! They do have to take 44.0.0.1 offline on occasion to do maintenance, software upgrades, etc but that doesn't affect the rest of us. AmprGate as it's known is a BSD box hosted at the University of California/
San Diego where the primary BGP announcement is done.

Further the performance of your network traffic to 44.64.10.33 is
limited by the your link, 44.0.0.1's link and 44.64.10.33. If any of
those links gets "busy", especially 44.0.0.1 your peformance is
impacted.

Not at all! Because of the encapsulation and ISPs doing what we've termed as SAFE routing (Source Address FilterEd) we incorporate policy routing into our systems and we get a "push" from a 3rd party site in the U.K. as dynamic IP hosted systems report updates to it like OpenVPN would do. So in the policy route table I have for 44/9 this is one of hundreds of routes:
44.64.10.32/27 via 24.0.91.254 dev tunl0 proto 44 onlink window 840
My route/path to 44.64.10.33 doesn't go near California!.. and since we're
on the same ISP, we're about as direct as we can possibly be without line
of site 802.11 :)

Years go this might not have been true depending on who you were and what your needs were. If you were SAFEd you needed a non-SAFEd host to forward your routing via. Since I was on a non-SAFEd ISP I was one of a handful of hosts
for those that were. Of course, general traffic from the global internet would still filter through 44.0.0.1 which would take the standard frame and convert it to an encapsulated frame destined for the final hop. If we're looking to accomodate encryption for european links/feeds I don't think this would be
an issue :)

... Backstage Pass -- "Shake Your Booty" World Tour 1995-96
--- MultiMail/Linux v0.52
* Origin: Carnage - risen from the dead now on SBBS (21:4/107)

Re: fsxNet Feedback (ZeroTier
By: N1uro to deon on Sat May 15 2021 02:50 pm

Howdy,

So things werent adding up for me with your explaination of what you were doing. I think we were coming from 2 different contexts.

I was lead to believe that "the network" as 44/9 and that the OpenVPN server surved that subnet to clients. So as a client on the network, your address would have been a /9. (I should have picked that up when you gave your ping output.)

But in your message, you shared this:

it like OpenVPN would do. So in the policy route table I have for 44/9 this is one of hundreds of routes:
44.64.10.32/27 via 24.0.91.254 dev tunl0 proto 44 onlink window 840

So its not really a single /9 vpn network, its multiple networks, and you have a /27 vpn network and you route 44/9 over it.

traceroute to wb2snn.ampr.org (44.64.10.33), 30 hops max, 60 byte packets
1 gw.n1uro.ampr.org (44.88.0.1) 5.670 ms 6.102 ms 6.095 ms
2 wb2ona.ampr.org (44.64.255.225) 41.601 ms 45.571 ms 46.421 ms

And given that 44.0.0.1 goes "offline" without loss of connectivity to you to 44.88.0.9 that means that the other end of your OpenVPN link also has an alternative link to 44.88.0.9 (directly or indirectly).

Anyway, OpenVPN is a viable "vpn" alternative - I agree, but I think it requires too many management points, sets of servers running OpenVPN and configuration to multiple parts of the network to provide redundancy. (Too much for a simple BBS network.)

In contrast (which is how this thread started), ZeroTier is peer to peer and just requires you to run a client and me. Since I'm managing "my" network, I'm using a personal "controller" (not zerotiers) - and you find me by requesting the controllers network address. Once I authorise you on the network, you dont route your traffic through my controller, you connect direct to me point to point.

Where the concern also was, is that ZeroTier's root servers are required for you to find me - implying if they turned them off you couldnt. That's not true however, since I can define a personal root server (called a moon and more for redundancy), which you configure to find me without ZeroTiers invovlement.

I recall reading at some point that ZeroTier were going to enable you to advertise your own "root servers" (since the root server's address is harded coded in the client - in much the same way that DNS servers (the DNS analogy) have a standard root server configuration). If and when they do that, then ZeroTier could turn off their root servers and you would still be able to find me (and no moons required).

...δεσ∩
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

On 13 May 2021 at 09:00p, Avon pondered and said...

After a few more days to ensure this is correct my next steps will be respond to it all and try to put some order around what we can work o addressing first, second etc.

Final call for anything else you want to add. I plan to circle back to this thread in the coming day or so.

In this post I want to respond to the general feedback below.

General Feedback
================

fsxNet has grown, not a bad thing but at times feels less close knit
(+1 agree - think it's not a bad thing)

Things are going well.

Enjoying reading echomail and nothing else to add.

More beer.

Nice network, welcoming to people, not narrow minded nor overly strict with rules etc.

Like it a lot.

One of the more active networks.

A great net, has been since joined it.

If it ain't broke, don't fix it. It ain't broke.

Thank you very much for your work to ensure this network is alive and
kicking!

Thanks Avon!

==============================================================================

Thanks for this feedback. My takeout is that folks are generally happy with
the network at the moment and how things are going. I think that despite the overall increase in numbers of nodes involved in fsxNet in recent years it always seems to be that there is a smaller subset of more active nodes/people regularly posting to the echomail areas.

That sort of thing looks like the norm to me both here in fsxNet and in other FTN networks. Some of those folks are long term people and others are newer to the BBS scene and fsxNet.

What seems to change over time are the people taking that more 'active' role
as contributors. This also seems normal. I've noticed levels of posting activity depends on the motivations of any given sysop. Some just want to add the message network and move on to the next customisation for their BBS.
Others enjoy the echomail areas and subjects being discussed. Some like the general vibe coming from the authors posting to the network and find things agreeable. On the flip side others don't see or like these things, they opt
to move on to Othernets, retain or drop fsxNet and/or drop out of the BBS scene altogether. and that's fine too.

All of which is to say, keeping involved in the hobby yet alone a FTN message network like fsxNet comes down to personal choice, available time and
interest. At least that's my current working theory, and after 5+ years it seems to be mostly correct ;)

There were a number of different subject/topics raised during my requests for feedback about fsxNet. What I plan to do is post each as a separate thread
and use that thread as a starting point for further discussion in this echo.

If I were to respond to everything from echomail to file bases etc. in the
one post the subsequent chatter would get really confusing given the range of subjects/topics we've covered.

So do look for separate (appropriately named) posts in this echo as I start
to respond to each area/theme. Please, when you are replying make sure you check the subject is correct before you start your reply. Let's try to keep
the subjects and specifics correct in our subject line and message body copy
to make things easier for others to read, follow along and reply to.

It may take me a few days to reply to each key theme but I'll post stuff here and start new threads as I go, and we can discuss and set up stuff from
there. Thanks again for the feedback and ideas - they are appreciated!

Best, Paul.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Hello deon;

deon wrote to N1uro <=-

So things werent adding up for me with your explaination of what you
were doing. I think we were coming from 2 different contexts.

Not really. I think you're just over thinking the whole process.

I was lead to believe that "the network" as 44/9 and that the OpenVPN server surved that subnet to clients. So as a client on the network,
your address would have been a /9. (I should have picked that up when
you gave your ping output.)

The /9 is part of the overall network, but we're also broken down into smaller subnets with point-to-point routing between each subnet.

But in your message, you shared this:

it like OpenVPN would do. So in the policy route table I have for 44/9

this

is one of hundreds of routes:

44.64.10.32/27 via 24.0.91.254 dev tunl0 proto 44 onlink window 840

So its not really a single /9 vpn network, its multiple networks, and
you have a /27 vpn network and you route 44/9 over it.

It's both.

And given that 44.0.0.1 goes "offline" without loss of connectivity to
you to 44.88.0.9 that means that the other end of your OpenVPN link
also has an alternative link to 44.88.0.9 (directly or indirectly).

It's a point to multipoint mesh network.

Anyway, OpenVPN is a viable "vpn" alternative - I agree, but I think it requires too many management points, sets of servers running OpenVPN
and configuration to multiple parts of the network to provide
redundancy. (Too much for a simple BBS network.)

Not really -if- it's done correctly and that's the key, however for most
who aren't european BBS, it's not an issue. I believe the necessity is to protect the user in and through europe no?

In contrast (which is how this thread started), ZeroTier is peer to
peer and just requires you to run a client and me. Since I'm managing
"my" network, I'm using a personal "controller" (not zerotiers) - and
you find me by requesting the controllers network address. Once I authorise you on the network, you dont route your traffic through my controller, you connect direct to me point to point.

As we do with 44-net.

Where the concern also was, is that ZeroTier's root servers are
required for you to find me - implying if they turned them off you couldnt. That's not true however, since I can define a personal root server (called a moon and more for redundancy), which you configure to find me without ZeroTiers invovlement.

That sounds like a lot more management on the part of the sysop though. We've simplified this and we've also made accomodations for those who are on ISPs that dish out dynamic IPs.

I recall reading at some point that ZeroTier were going to enable you
to advertise your own "root servers" (since the root server's address
is harded coded in the client - in much the same way that DNS servers
(the DNS analogy) have a standard root server configuration). If and
when they do that, then ZeroTier could turn off their root servers and
you would still be able to find me (and no moons required).

What we did was as I mentioned (you may have passed it by) have a server
in the U.K. that we call the portal. Those on dynamic IPs create a dyndns
host and instead of entering in an IP they enter in their dyndns address. Hourly the portal does dns queries to see if there's any changes in IPs and
if so it does 2 things:
- it creates a route file with the new changes so those who wish to manually
download it may do so
- it sends that file to amprgate which then sends out a broadcast in RIP that
we slightly rewrote. The client runs a tiny daemon that picks up the route
broadcasts and makes it's changes to the local node's route table in their
policy routing.

I don't think windows has the ability to use this daemon but in the command
to load it, you specify which route table you're using. The lower the table number the higher the priority... as standard. The broadcasts if no changes
are made are done hourly. If a node's IP changes then it's done fairly
quickly.

Unfortunately I don't think OpenVPN by itself has the ability to change routes on the fly... the newer version may I haven't looked. I do know in Germany they're doing this 100% on OpenVPN and it's quite successful since Germany
is BGP hosted and doesn't use amprgate at all - there's no need - but they
are using OpenVPN for the clients and they're all point to multipoint. If
the main hub/server goes down, they will lose routing to the rest of 44-net
BUT they still maintain connectivity to each other.

I know it sounds a bit complicated, but it really isn't and it's quite slick. we've been doing things this way now for almost 10 years with almost no issues.

- N1URO

... AD&D Famous Last Words: Am I seeing things or is that a dragon?
--- MultiMail/Linux v0.52
* Origin: Carnage - risen from the dead now on SBBS (21:4/107)

N1uro wrote (2021-05-14):

I agree. It also would not qualify as Open Source software /
license.

Just to try and help offer another possible solution to this issue as a network engineer:

Why not investigate OpenVPN?

p2p connections work by default in ZeroTier. Does OpenVPN do any NAT hole punching? A known and simpler alternative would be tinc. OpenVPN has also become kind of old-tech. Is there anything wireguard wouldn't do simpler and better (for our use case)?

A dedicated hub feed to a european hub
can set up DNS locally to feed a hub in europe over OpenVPN using either TCP or UDP and choose ports, and maintain custom certs that may have a
long expiration date on them... and then it'd be up to that european hub
to feed the rest of europe - insuring that their laws are followed.

Personally I'm not interested in a top-down approach with admin(s) maintaining certs and granting and revoking access. I would call it unnecessary centralization (bullshit power & small bus factor). FTN are on the lower layer decentralized and designed as "cooperative anarchy".

It's not that I don't appreciate your initiative to setup OpenVPN for the network, I just doubt that standard VPNs are a good fit for FTN.

(not sure what the European hub and laws part is about)

---
* Origin: . (21:3/102)

deon wrote (2021-05-15):

So in the case of a "network" setup for "fsx" - the network admin would authorise nodes to access the "fsx" network (I would suggest based on
their application to join the network) - and de-authorise them when they leave the network.

-1

We are still strangers here, but we are a list of known strangers and we can identify who is doing something in appropriate on the network and
take action if that is deemeed the right response.

-1

But at the same time,
our conversations and traffic is encrypted from the outside world.

there are other ways for encryption, which fit the FTN model better.

Anybody outside of the network cant get to our systems and do stuff
(which is the script kiddies reference I made when I started this thread).

So you propose everything should happen within the VPN? No open BBS / binkp ports to the real Internet?

-1

---
* Origin: . (21:3/102)

deon wrote (2021-05-15):

Another incredibly powerful feature of ZeroTier is the ability to
tap the entire network regardless of how widely distributed its
nodes are.

Is there a way to prevent this?

I dont see this as an issue, it would be no differnet to tcpdump -ni eth0:

I was not aware that you can monitor all of my fsxnet traffic with a tcpdump on your side.

For a corporate network this is obviously a feature, but in our use case I would call it a security flaw.

---
* Origin: . (21:3/102)

Re: fsxNet Feedback (ZeroTier)
By: Oli to deon on Sun May 16 2021 03:43 pm

Anybody outside of the network cant get to our systems and do stuff
(which is the script kiddies reference I made when I started this thread).

So you propose everything should happen within the VPN? No open BBS / binkp ports to the real Internet?

No, its not an all or nothing. As an example, my hub is connected to a ZeroTier VPN for another net, but folks can still get to it for FSX.

You can *choose* to connect to the VPN or not. I doubt we would see the day that you are forced to join a VPN for folks to interact with your BBS.

My suggestion was to use the technology to obtain a benefit or two - some of those benefits I think are useful - I'm not suggesting that everybody thinks the same.

The benefits were:

* Securing transmission
* Adding some privacy to connections between systems - which can extend to the user logging in telnet and the EMSI/BINKP exchanges of mail/files.
* By definition of the above, reducing the "script kiddies" from bashing ports * And, to achieve all of the above, is just a client that needs to be installed.

I know I would close my binkp/emsi to public interfaces if access to those services was a "standard" via a virtual network. I just makes sense to me.

So in the case of a "network" setup for "fsx" - the network admin would authorise nodes to access the "fsx" network (I would suggest based on
their application to join the network) - and de-authorise them when they leave the network.

-1

If there was an FSX "VPN", I dont see a reason to allow folks on that VPN if there are not part of FSX - so I dont understand your '-1' thinking.

We are still strangers here, but we are a list of known strangers and we can identify who is doing something in appropriate on the network and
take action if that is deemeed the right response.

-1

Likewise, I dont understand your thinking. It would be easier to identify if somebody was doing something inappropriate on the network, and an easy way to address it. I'm wondering if your concern is to do with the fact that you can be removed from the network by somebody who "manages it" if your conduct was determined to be unappropriate?

there are other ways for encryption, which fit the FTN model better.

Sure, suggest some - since I think this discussion started by your comments around privacy and security.

...δεσ∩
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: fsxNet Feedback (ZeroTier)
By: Oli to deon on Sun May 16 2021 03:52 pm

Another incredibly powerful feature of ZeroTier is the ability to
tap the entire network regardless of how widely distributed its
nodes are.

Is there a way to prevent this?

I dont see this as an issue, it would be no differnet to tcpdump -ni eth0:

I was not aware that you can monitor all of my fsxnet traffic with a tcpdump on your side.

For a corporate network this is obviously a feature, but in our use case I would call it a security flaw.

I didnt say I could see "all traffic" - infact I've been explaining how its peer to peer all along - so there is no way I can see your traffic to another node, since it doesnt come via me.

But I can see any traffic that broadcasts on the network (BAU), as well as any traffic that is destined to me, via a TCPDUMP. (I think from memory that broadcasts can be blocked via configuration, and thus if so, I would see them.)

The interface that ZT creates is similar to a switched ethernet interface - anything that comes down that port I can see.

...δεσ∩
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Oli wrote to N1uro <=-

N1uro wrote (2021-05-14):

p2p connections work by default in ZeroTier. Does OpenVPN do any NAT
hole punching? A known and simpler alternative would be tinc. OpenVPN
has also become kind of old-tech. Is there anything wireguard wouldn't
do simpler and better (for our use case)?

If you're doing straight UNencrypted connections you don't need any VPN.
You could do it all with policy routing and a simple route table. It would
be 100% point to multipoint, no centralized hub required nor DNS in reality. Just an IP address... which one already gets from their ISP.

Personally I'm not interested in a top-down approach with admin(s) maintaining certs and granting and revoking access. I would call it unnecessary centralization (bullshit power & small bus factor). FTN are
on the lower layer decentralized and designed as "cooperative anarchy".

I think the whole conversation steered away from the original claim which is European Law requires a user's data be protected.

It's not that I don't appreciate your initiative to setup OpenVPN for
the network, I just doubt that standard VPNs are a good fit for FTN.

With the brain power on FTN nets, I'm sure we could develop our own solutions.

(not sure what the European hub and laws part is about)

See above. It was suggested that we needed to insure encryption in/out
of European nodes which require certs and such. Being in the west I don't -need- to do such but it was also suggested that those going into european points also must encrypt.

... G*t th*s* trib*les out*of m* ta*-lin* n*w!
--- MultiMail/Linux v0.52
* Origin: Carnage - risen from the dead now on SBBS (21:4/107)