> > A good project on AMPRNet would be to set up a user authentication
> > system that can be used for our services without running the risk that
> > some (ab)used party suddenly draws back the support, or delays
> > validation of new applicants (if only due to lack of volunteers to do
> > the validation).
> Now, this is a great idea. Could also be used for IPv6 netblock
> validation.
Yes, although a more dynamic method like BGP appears to be more suitable for that.
Such an authentication system should offer a method to authenticate users that want
to log on to some service and it should have some attributes for each user that
can be used in queries for authentication.
Things that come to mind:
- does the user have a (verified) amateur radio license
- category of the license (preferably with allowed band ranges)
- client certificate(s)
- password(s)
Probably more can be added.
The problem of course is the manual work required for license validation.
We could devise some method to use earlier validations by Echolink and LOTW,
but when we want to do our own validation we require the volunteers that look
at scanned license documents and accept/reject them.
An issue is the storage of so much personal information in a database, which
requires compliance with rules for personal data protection that are (or are
becoming) quite strict in many countries.
When we would have such a system on AMPRNet (preferably also usable from internet)
it could be used for many purposes where we are now limited in practice.
E.g. to set up a next-generation Echolink-like system that is open/free.
Rob
Maybe after the dust has settled it would be worth investigating to install a local NNTP server (INN)
and the mailman-to-usenet gateway? Or some way to give an NNTP server access to the mailman archive?
(I don't know how the archive is stored in mailman... is it just a collection of mail files, 1 message per file?)
Of course it would require some study and maybe some hacks, it would e.g. be nice when the NNTP
server authenticates the users using the mailman accounts (until we have that general authentication
service, at least...)
Rob
Thanks Brian
For all your hard work - very much appreciated here over all these decades
as well as those others that provide support to the amprnet
(Just making sure this works for me)
73 Paul G4APL(GB7CIP)
--
paul(a)theskywaves.net
On 9/16/17 4:44 PM, Chris wrote:
> Ah that old chestnut, it's a shame you choose to continue to be rude and
> obnoxious even though you know nothing about me or my circumstances. You
> know if I thought I could actually trust you to have a private conversation
> instead of broadcasting my private emails to a mailing list I would be
> happy to answer all your questions.
I cannot have a private conversation as a means to stifle debate on a subject
which affects all members of 44net.
The only option we will consider is to release the source code. To do
anything else when claiming to be for openness is hypocrisy.
You dangle a sword over all users of 44net and think we should be grateful for
not dropping it upon us. You recognize the difference between leading through
coercion and leading with better ideas, no?
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
Please note, I'm replying onlist as Chris wants to keep this "private" so
can't see how messed up this is.
On 9/16/17 5:17 PM, Chris wrote:
>> On 16 Sep 2017, at 21:55, Bryan Fields <Bryan(a)bryanfields.net> wrote:
>>
>>> You know if I thought I could actually trust you to have a private
>>> conversation instead of broadcasting my private emails to a mailing
>>> list I would be happy to answer all your questions.
>>
>> I cannot have a private conversation as a means to stifle debate on a
>> subject which affects all members of 44net.
>
> I was not offering to debate anything, just have a private chat and answer
> your questions.
>
>> The only option we will consider is to release the source code. To do
>> anything else when claiming to be for openness is hypocrisy.
>
> That is your opinion, based on assumptions.
Gee, if only there was an easy way to refute said "assumptions".
License your code under a free software license and submit it to the users.
>> You dangle a sword over all users of 44net and think we should be
>> grateful for not dropping it upon us. You recognize the difference
>> between leading through coercion and leading with better ideas, no?
>
> More opinion and assumption. FYI several other people have copies of the
> source code (which incidentally is not copyrighted by me)
It is. You wrote it and under federal copyright law you own it.
I would refer you to https://portal.ampr.org/site-terms.php
"AMPRNet refers to the group of individuals responsible for maintaining this
website. "
Assuming this is valid, you would be stating you own it as you are the person
responsible for maintaining that website. I'll ignore the several other
offensive claims on there for the time being.
> and the backend
> database is replicated in real time and under the control of other people.
Who?
> If anything were to happen to me, or indeed if I simply chose to walk away
> from it,
You walking away would be a good thing. The sort of "help" you've given is no
different than a drug dealer giving free heroin samples.
> 44Net would not suffer at all, it would just need someone else to
> host the portal, and I'm sure that would not be an issue. So I fail to see
> what this hypothetical sword you refer to is.
You own the copyright of what you wrote. You have not licensed it as free
software. Under federal law you can revoke our right to use it at any time.
You've now got us hooked on your non-free software and we can't function
without it. When you decide things are going to change due to petty desires,
we're screwed. It's bitkeeper/pf/ZFS history repeating itself.
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
> There is another option. And I am kind of surprised it doesn't exist,
> or maybe it does and I am not aware of it.
> Someone who has a BGP announced allocation, like HamWan (for the US)
> could create their own (open source) portal for remote (non RF-LAN)
> users. They could also support things like OpenVPN in addition to
> IPIP, etc. I envisioned a series of regional portals, where non-RF
> users would hook up with the one closest to them. If you are in
> Europe for instance, I am pretty sure there is someone over there with
> a BGP announcement, and there could be a Europe portal for IPIP (and
> possibly other types of connections) to register with rather than back
> all the way to UCSD.
Yes, we do have that here in the Netherlands and I think it is also available
in a couple of other countries (Germany, Finland come to mind).
For IPIP we require registration with portal.ampr.org, because IPIP is a full
mesh and we only participate in that, but for other protocols no such
registration is required and the tunnel definition is just created locally
at our gateway. We offer GRE, GRE/IPsec, L2TP/IPsec, IPsec tunnel, OpenVPN,
and of course our radio network.
Rob