Thanks Brian
For all your hard work - very much appreciated here over all these decades
as well as those others that provide support to the amprnet
(Just making sure this works for me)
73 Paul G4APL(GB7CIP)
--
paul(a)theskywaves.net
On 9/16/17 4:44 PM, Chris wrote:
> Ah that old chestnut, it's a shame you choose to continue to be rude and
> obnoxious even though you know nothing about me or my circumstances. You
> know if I thought I could actually trust you to have a private conversation
> instead of broadcasting my private emails to a mailing list I would be
> happy to answer all your questions.
I cannot have a private conversation as a means to stifle debate on a subject
which affects all members of 44net.
The only option we will consider is to release the source code. To do
anything else when claiming to be for openness is hypocrisy.
You dangle a sword over all users of 44net and think we should be grateful for
not dropping it upon us. You recognize the difference between leading through
coercion and leading with better ideas, no?
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
Please note, I'm replying onlist as Chris wants to keep this "private" so
can't see how messed up this is.
On 9/16/17 5:17 PM, Chris wrote:
>> On 16 Sep 2017, at 21:55, Bryan Fields <Bryan(a)bryanfields.net> wrote:
>>
>>> You know if I thought I could actually trust you to have a private
>>> conversation instead of broadcasting my private emails to a mailing
>>> list I would be happy to answer all your questions.
>>
>> I cannot have a private conversation as a means to stifle debate on a
>> subject which affects all members of 44net.
>
> I was not offering to debate anything, just have a private chat and answer
> your questions.
>
>> The only option we will consider is to release the source code. To do
>> anything else when claiming to be for openness is hypocrisy.
>
> That is your opinion, based on assumptions.
Gee, if only there was an easy way to refute said "assumptions".
License your code under a free software license and submit it to the users.
>> You dangle a sword over all users of 44net and think we should be
>> grateful for not dropping it upon us. You recognize the difference
>> between leading through coercion and leading with better ideas, no?
>
> More opinion and assumption. FYI several other people have copies of the
> source code (which incidentally is not copyrighted by me)
It is. You wrote it and under federal copyright law you own it.
I would refer you to https://portal.ampr.org/site-terms.php
"AMPRNet refers to the group of individuals responsible for maintaining this
website. "
Assuming this is valid, you would be stating you own it as you are the person
responsible for maintaining that website. I'll ignore the several other
offensive claims on there for the time being.
> and the backend
> database is replicated in real time and under the control of other people.
Who?
> If anything were to happen to me, or indeed if I simply chose to walk away
> from it,
You walking away would be a good thing. The sort of "help" you've given is no
different than a drug dealer giving free heroin samples.
> 44Net would not suffer at all, it would just need someone else to
> host the portal, and I'm sure that would not be an issue. So I fail to see
> what this hypothetical sword you refer to is.
You own the copyright of what you wrote. You have not licensed it as free
software. Under federal law you can revoke our right to use it at any time.
You've now got us hooked on your non-free software and we can't function
without it. When you decide things are going to change due to petty desires,
we're screwed. It's bitkeeper/pf/ZFS history repeating itself.
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
> There is another option. And I am kind of surprised it doesn't exist,
> or maybe it does and I am not aware of it.
> Someone who has a BGP announced allocation, like HamWan (for the US)
> could create their own (open source) portal for remote (non RF-LAN)
> users. They could also support things like OpenVPN in addition to
> IPIP, etc. I envisioned a series of regional portals, where non-RF
> users would hook up with the one closest to them. If you are in
> Europe for instance, I am pretty sure there is someone over there with
> a BGP announcement, and there could be a Europe portal for IPIP (and
> possibly other types of connections) to register with rather than back
> all the way to UCSD.
Yes, we do have that here in the Netherlands and I think it is also available
in a couple of other countries (Germany, Finland come to mind).
For IPIP we require registration with portal.ampr.org, because IPIP is a full
mesh and we only participate in that, but for other protocols no such
registration is required and the tunnel definition is just created locally
at our gateway. We offer GRE, GRE/IPsec, L2TP/IPsec, IPsec tunnel, OpenVPN,
and of course our radio network.
Rob
> A private, ham only OpenID server? that should provide authentication
> as well as authorization for assorted servers. Make it stand alone &
> not tied to any particular service like amprnet or echolink or LOTW.
> make it freely accessible to anyone who wants to authenticate a ham
> anywhere.
Yes, that is the basic idea, but it should not be limited to website usage
and it should be possible to retrieve attributes such as "is this a verified
licensed hamradio operator". The user list could contain outsiders,
unverified hams and verified hams, and the facilities available to them could
be different. E.g. a user who is not a verified ham would not be able to use an
Echolink-like service, but they could read and contribute to a mailing list.
The service should offer some different APIs, e.g. RADIUS for user/password
authentication and maybe something like OpenID for website logon.
When a user has a valid account, he should be able to obtain client certificates
for use in services where that is appropriate.
The PKI design has to be careful; with some attention to detail, a lot of
mishaps can be avoided. This requires expertise in the matter.
Rob
Hi Chris,
I just tried your 44.131.151.2 NNTP server from my 44.135.92.10 machine
and was refused.
Ron
VE3CGR
> We've been running a news server (inn) for years. I've already put reader access in for ampr.org hosts to provide the same service that Brian provided on the machine that has died and is being decommissioned, it's on 44.131.151.2 or on the public Internet as nntp.comgw.net
> It wouldn't be difficult to set up some local groups just for amprnet use, it would also be fairly trivial to pipe this mailing list into a local group if that is of interest to anyone?
> Chris
> A private, ham only OpenID server?
This is similar to an idea I had several years back (2012 according to the
registration for my unused domain hamauth.com), but I couldn't find anyone
else at the time who was interested in it. As a result, it never won any
battles for my limited availability of time to work on it. :(
The basic idea was to define various assurance levels that people could
meet using various methods. Then, allow amateur radio websites and
services to define what level of assurance they need and allow them the
option to easily authenticate their users using a hosted service (using
things like OpenID or OAuth).
Those levels could be something like:
- Identity, call sign, operating privileges, and mailing address all
  verified
- Call sign, operating privileges, and mailing address verified (LotW
  gets us here)
- Call sign and operating privileges verified (We can verify their
  license is valid, but only assume they're the legitimate holder of it until
  it's challenged, somewhat like how qrz.com does it)
- Call sign claimed (not all countries have license info online for
  verifying privileges)
- Non-amateur (not yet licensed)
For example, if a user can prove to us they have control over a valid LotW
certificate, they would get one of the highest levels of assurance because
we know the ARRL has already confirmed the validity of their license and
that they can receive mail at the license address. The user would then be
able to login with their call sign on just about any site that chooses to
use our service for authentication. However, some sites may not choose to
trust our third party service directly, so we could also be a resource on
how they could set up their own authentication and verification schemes.
While it might be a pain to get a LotW certificate, they are the only
organization I'm aware of that offers to authenticate amateurs from any
country. It's essentially a service they created to be globally trusted in
order to protect the integrity of their contests. In the past they've also
expressed a willingness to allow their service to be used for other general
amateur authentication purposes, so I don't think we need to worry about
them objecting to anything like this.
Also, there's no reason why the ARRL has to be the only source of that
trust. For example, if you have a valid client certificate loaded in your
browser with your call sign in the right place, we'll accept it on the
HamWAN portal ( https://encrypted.hamwan.org/ ) whether it's signed by
ARRL, or if it's signed by HamWAN's own certificate authority.
If there are other organizations in other countries that can authenticate
licenses in an easier fashion, we can definitely include them in the
process. That way other amateur services would just need to check a box
that says they trust that entity to validate users from that country.
I'm excited to see several others interested in this, but since it's
off-topic for this reflector, please join me in the new hamauth group. ;)
Click:
https://groups.io/g/hamauth
or
Email:
hamauth+subscribe(a)groups.io
Cory
NQ1E
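
The assurance-level scheme outlined in the message above, sketched as an added example (this is not part of the original post and not code from hamauth, HamWAN or ARRL). The numeric level values, the verifier names "ARRL-LotW" and "HamWAN-CA", the service names and the placeholder call sign N0CALL are assumptions made for illustration. Each service states the level it requires and which verifiers it trusts per country; attestations from untrusted verifiers count for nothing.

```python
from dataclasses import dataclass
from enum import IntEnum

class Assurance(IntEnum):
    """Levels from the post, lowest to highest (numeric values are assumed)."""
    NON_AMATEUR = 0        # not yet licensed
    CALLSIGN_CLAIMED = 1   # call sign claimed, nothing verified
    LICENSE_VERIFIED = 2   # call sign and operating privileges verified
    ADDRESS_VERIFIED = 3   # plus mailing address verified
    IDENTITY_VERIFIED = 4  # plus identity verified

@dataclass(frozen=True)
class Attestation:
    verifier: str          # entity vouching for the user (hypothetical names)
    country: str           # licensing country the attestation covers
    callsign: str
    level: Assurance

@dataclass(frozen=True)
class Service:
    name: str
    required: Assurance
    trusted: dict          # country -> set of verifier names this service trusts

def effective_level(service, callsign, country, attestations):
    """Highest level backed by a verifier the service trusts for that country."""
    if not callsign:
        return Assurance.NON_AMATEUR
    best = Assurance.CALLSIGN_CLAIMED      # a bare claim is the floor
    trusted = service.trusted.get(country, set())
    for a in attestations:
        same_user = a.callsign.upper() == callsign.upper() and a.country == country
        if same_user and a.verifier in trusted:
            best = max(best, a.level)
    return best

def authorize(service, callsign, country, attestations):
    """Allow access only when the trusted level meets the service's requirement."""
    return effective_level(service, callsign, country, attestations) >= service.required

# Constructed sample data: N0CALL is a placeholder call sign.
ATTESTATIONS = [Attestation("ARRL-LotW", "US", "N0CALL", Assurance.ADDRESS_VERIFIED)]
VOICE_LINK = Service("voice-link", Assurance.LICENSE_VERIFIED,
                     {"US": {"ARRL-LotW", "HamWAN-CA"}})
LOCAL_ONLY = Service("local-portal", Assurance.LICENSE_VERIFIED, {"US": {"HamWAN-CA"}})
MAILING_LIST = Service("mailing-list", Assurance.NON_AMATEUR, {})
```

The same attestation yields different effective levels at different services, because trust in a verifier is the relying service's decision rather than a property of the user.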