246 lines
16 KiB
Org Mode
246 lines
16 KiB
Org Mode
#+TITLE:
|
|
#+AUTHOR: Bob Mottram
|
|
#+EMAIL: bob@freedombone.net
|
|
#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
|
|
#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
|
|
#+OPTIONS: ^:nil toc:nil
|
|
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/logo.png]]
|
|
#+END_CENTER
|
|
|
|
#+begin_export html
|
|
<center><h1>Mesh Network</h1></center>
|
|
#+end_export
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_screenshot.jpg]]
|
|
#+END_CENTER
|
|
|
|
|------------------------+---+-------------+---+----------------------+---+---------------|
|
|
| [[What the system can do]] | - | [[Disk Images]] | - | [[Building Disk Images]] | - | [[How to use it]] |
|
|
|------------------------+---+-------------+---+----------------------+---+---------------|
|
|
|
|
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small business internal office communications, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. The down side is that you can't access any internet content. The upside is that you can securely communicate with anyone on the local mesh. No ISPs. No payments or subscriptions beyond the cost of obtaining the hardware. Systems need to be within wifi range of each other for the mesh to be created. It can be an ultra-convenient way to do purely local communications.
|
|
|
|
* What the system can do
|
|
|
|
- Discovery of other users on the network
|
|
- Text based chat, one-to-one and in groups
|
|
- Voice chat (VoIP)
|
|
- Private and public sharing of files
|
|
- Blogging
|
|
- No network administration required
|
|
- No servers, internet connection or cabling is needed.
|
|
- Works from bootable USB drives or microSD drives.
|
|
- Data is mesh routed between systems
|
|
- Private communications is end-to-end secured and forward secret.
|
|
- Publicly shared data is /content addressable/.
|
|
|
|
This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
|
|
|
|
* Disk Images
|
|
** Client images
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_netbook.jpg]]
|
|
#+END_CENTER
|
|
|
|
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
|
|
|
|
#+begin_src bash
|
|
sudo apt-get install xz-utils wget
|
|
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz
|
|
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz.sig
|
|
gpg --verify freedombone-meshclient-2.00_all-i386.img.xz.sig
|
|
sha256sum freedombone-meshclient-2.00_all-i386.img.xz
|
|
403cf1cc2bc5272e5921d3ebefc351540928141bc65641b6d16f2262a933cb4e
|
|
unxz freedombone-meshclient-2.00_all-i386.img.xz
|
|
sudo dd bs=1M if=freedombone-meshclient-2.00_all-i386.img of=/dev/sdX conv=fdatasync
|
|
#+end_src
|
|
|
|
To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
|
|
|
|
If you're in an emergency and don't have Atheros wifi dongles then there is also an "insecure" image which contains some proprietary wifi drivers which may work with a wider range of laptops. Proprietary drivers *are not recommended* because they're unsupportable and may be exploitable or contain malicious antifeatures which fundamentally compromise the security of the network. However, the trade-off between security/maintainability and simply having the ability to communicate at all may be a valid one in some situations.
|
|
|
|
#+begin_src bash
|
|
sudo apt-get install xz-utils wget
|
|
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz
|
|
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
|
|
gpg --verify freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
|
|
sha256sum freedombone-meshclient-insecure-2.00_all-i386.img.xz
|
|
7cda1a52acad7d18156ea238d7eb550479a5f882ac45c8cf9b9e56077fb26be9
|
|
unxz freedombone-meshclient-insecure-2.00_all-i386.img.xz
|
|
sudo dd bs=1M if=freedombone-meshclient-insecure-2.00_all-i386.img of=/dev/sdX conv=fdatasync
|
|
#+end_src
|
|
|
|
** Router images
|
|
Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
|
|
*** Beaglebone Black
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_router.jpg]]
|
|
#+END_CENTER
|
|
|
|
The above picture shows a Beaglebone Black with the image copied onto a microSD card (there's no need to do anything with the internal EMMC). A USB Atheros wifi adaptor with a large antenna is attached and in this case power is from the mains, although it could be from a battery or solar power system capable of supplying 5 volts and maybe 1A (depending upon how active the router is).
|
|
|
|
#+begin_src bash
|
|
sudo apt-get install xz-utils wget
|
|
wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz
|
|
wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
|
|
gpg --verify freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
|
|
sha256sum freedombone-mesh-2.00_beaglebone-armhf.img.xz
|
|
daf8c82f111ae8714cffc52633156554c23d5feafabbe85cb15925e0373a3ff4
|
|
unxz freedombone-mesh-2.00_beaglebone-armhf.img.xz
|
|
sudo dd bs=1M if=freedombone-mesh-2.00_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
|
|
#+end_src
|
|
|
|
If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
|
|
|
|
There is still a software freedom issue with the Beaglebone Black, but it doesn't prevent you from running a fully free system on the board. The TI AM335X SOC has a PowerVR SGX530 GPU which will only run with a proprietary blob, but this would only be an issue for systems with a monitor or LCD screen attached running a desktop environment which also needs GPU acceleration. For "headless" systems such as servers or mesh routers this isn't a problem.
|
|
|
|
* Building Disk Images
|
|
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
|
|
|
|
First you will need to create an image. On a Debian based system (tested on Debian Stretch):
|
|
|
|
#+begin_src bash
|
|
sudo apt-get -y install build-essential libc6-dev-i386 wget \
|
|
gcc-multilib g++-multilib git python-docutils mktorrent \
|
|
vmdebootstrap xz-utils dosfstools btrfs-tools extlinux \
|
|
python-distro-info mbr qemu-user-static binfmt-support \
|
|
u-boot-tools qemu
|
|
wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz
|
|
wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz.sig
|
|
gpg --verify freedombone-mesh-13-09-2016.tar.gz.sig
|
|
sha256sum freedombone-mesh-13-09-2016.tar.gz
|
|
3e279f8ed762afb682bec6bd463830087354dd2f24020f3b0de51143585ab0ed
|
|
tar -xzvf freedombone-mesh-13-09-2016.tar.gz
|
|
cd freedombone
|
|
git checkout stretch
|
|
sudo make install
|
|
freedombone-image -t i386 -v meshclient
|
|
#+end_src
|
|
|
|
If you don't have Atheros or free software compatible wifi adapter then you can include proprietary wifi drivers which will work with most laptops. This is *NOT RECOMMENDED* because proprietary drivers are unsupportable and may contain either malware or be exploitable in a way which can't be fixed. However, if you're in an emergency and don't have any Atheros or free software wifi USB dongles then you can use the following command to make the image:
|
|
|
|
#+begin_src bash
|
|
freedombone-image -t i386 -v meshclient --insecure yes
|
|
#+end_src
|
|
|
|
This takes a while. Maybe an hour or so, depending on the speed of your system and the internets. The good news though is that once created you can use the resulting image any number of times, and you don't need to trust some pre-built image.
|
|
|
|
List what drives are on your system with:
|
|
|
|
#+begin_src bash
|
|
ls /dev/sd*
|
|
#+end_src
|
|
|
|
Now plug in the USB thumb drive, and do the same again. Notice which drive letter gets added.
|
|
|
|
You can now copy the image to the USB thumb drive, replacing *sdX* with the identifier of the USB thumb drive. Don't include any numbers (so for example use *sdc* instead of *sdc1*).
|
|
|
|
#+begin_src bash
|
|
sudo dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
|
|
#+end_src
|
|
|
|
And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use on the mesh, power on and set the BIOS to boot from the USB stick.
|
|
|
|
On first boot you'll be asked to set a username, and then you can open the chat client and select the *users* icon to show the Tox IDs for other users on the mesh. When folks join they will be announced.
|
|
|
|
Rinse, repeat, for any number of laptops that you want to get onto the mesh or to build out coverage within an area. There are no servers. Just peer-to-peer communications routed through the network which are end-to-end secure after a friend request is accepted. By default the chat client doesn't log anything.
|
|
|
|
You can also use single board computers (SBCs) such as the BeagleBone Black to make mesh routers which can be bolted to walls or the sides of buildings and consume minimal electrical power, so could be solar or battery powered for short term events such as festivals. To do that use the following command to make the image:
|
|
|
|
#+begin_src bash
|
|
freedombone-image -t beaglebone -v mesh
|
|
#+end_src
|
|
|
|
The resulting image can be copied to a microSD card, inserted into a Beaglebone Black and booted. Don't forget to plug in an Atheros USB wifi dongle.
|
|
|
|
* Customisation
|
|
If you want to make your own specially branded version, such as for a particular event, then to change the default desktop backgrounds edit the images within *img/backgrounds* and to change the available avatars and desktop icons edit the images within *img/avatars*. Re-create disk images using the instructions shown previously.
|
|
|
|
If you need particular /dconf/ commands to alter desktop appearance or behavior then see the function /mesh_client_startup_applications/ within *src/freedombone-image-customise*.
|
|
* How to use it
|
|
When you first boot from the USB drive the system will create some encryption keys, assign a unique network address to the system and then reboot itself. When that's done you should see a prompt asking for a username. This username just makes it easy for others to initially find you on the mesh and will appear in the list of users.
|
|
|
|
After a minute or two if you are within wifi range and there is at least one other user on the network then you should see additional icons appear on the desktop, such as /Other Users/ and /Chat/.
|
|
|
|
** Set the Date
|
|
On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.
|
|
*Right click on the date* in the top right corner of the screen. Select *preferences*, then click the *Time Settings* button. You can then select the date from the calendar and set the time, then click the *Set System Time* button. Enter the default password, which is /freedombone/.
|
|
** Check network status
|
|
Unlike with ordinary wifi, on the mesh you don't get a signal strength icon and so it's not simple to see if you have a good connection.
|
|
|
|
Select the wifi icon on the desktop and enter the password '/freedombone/'. The network configuration will go into a monitoring mode and in the bottom right side of the window you will be able to see signal strength and other parameters. This can help you to locate systems or adjust antennas to get the best wifi performance.
|
|
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_signal.jpg]]
|
|
#+END_CENTER
|
|
|
|
When you are finished close the window and then select the /Network Restart/ desktop icon, which will restart the B.A.T.M.A.N. network. You can also use the restart icon if you are within range of the mesh network but the /Chat/ and /Other Users/ icons do not automatically appear after a few minutes.
|
|
|
|
** Chat System
|
|
|
|
Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the /Chat/ and /Other Users/ icons appear. Select the users icon and you should see a list of users on the mesh. Select the /Chat/ icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then copy and paste in a Tox ID from the users list.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_paste_tox_id.jpg]]
|
|
#+END_CENTER
|
|
|
|
The other user can then accept or decline your friend request.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_friend_request.jpg]]
|
|
#+END_CENTER
|
|
|
|
You can also select an avatar by selecting the grey head and shoulders image.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_choose_avatar.jpg]]
|
|
#+END_CENTER
|
|
|
|
And by selecting the user from the list on the left hand side the chat can begin.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_text_chat.jpg]]
|
|
#+END_CENTER
|
|
|
|
One important point is that by default the microphone is turned off. When doing voice chat you can select the microphone volume with the drop down slider in the top right corner of the screen.
|
|
|
|
At present video doesn't work reliably, but text and voice chat do work well.
|
|
|
|
** Sharing Files
|
|
You can make files publicly available on the network simply by dragging and dropping them into the /Public/ folder on the desktop. To view the files belonging to another user select the desktop icon called /Visit a site/ and enter the username or Tox ID of the other user.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_share_files.jpg]]
|
|
#+END_CENTER
|
|
|
|
** Blogging
|
|
To create a blog post select the /Blog/ icon on the desktop and then use the up and down cursor keys, space bar and enter key to add a new entry. Edit the title of the entry and add your text. You can also include photos if you wish - just copy them to the *CreateBlog/content/images* directory and then link to them as shown.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_new_blog.jpg]]
|
|
#+END_CENTER
|
|
|
|
To finish your blog entry just select /Save/ and then close the editor. On older hardware it may take a while to publish the results, and this depends upon the amount of computation needed by IPFS to create file hashes. If you make no changes to the default text then the new blog entry will not be saved.
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_new_blog2.jpg]]
|
|
#+END_CENTER
|
|
|
|
#+BEGIN_CENTER
|
|
[[file:images/mesh_view_blog.jpg]]
|
|
#+END_CENTER
|
|
|
|
You can also visit other blogs, edit or delete your previous entry and also change your blog theme.
|
|
|
|
|
|
#+BEGIN_CENTER
|
|
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
|
|
#+END_CENTER
|