Jaromil on Wed, 4 Jun 2014 18:15:08 +0200 (CEST) |
<nettime> Dowse: local area networks in the age of IoT (also meant to |
dear Nettimers,

here below a software announcement and a whitepaper that I'm posting here hoping to stimulate some reflection and reasoning about the IoT scenario and user awareness concerns.

The Dowse project, this is the name of it, has now reached the form of a working proof of concept (version 0.5) and its implications are not only technical, but also political and legal, putting in relationship the broad discourse about the Internet of Things and the transformations of local area networking. With Dowse we also intend to start a conceptual operation to "demilitarize networking language", well conscious that of the two possible linguistic contexts that can be attributed to a black box we choose the magic, rather than the military.

We are partnering with Waag Society and seeking more partners and opportunities to make this project sustainable. Meanwhile, we have applied to CHEST for seed funding and I'd highly appreciate your support in rating this project and endorsing it: http://ideas.chest-project.eu/?q=node/3358

Dowse aims to be an IoT end user appliance, but also a portable, modular and free and open source platform we can all use for further developments. Please do not hesitate to contact me on this list or in private with ideas and propositions.

Thanks for your attention and support, best wishes

Dowse webpage: http://dyne.org/software/dowse
Dowse source on GitHub: https://github.com/dyne/dowse
Dowse stable downloads: https://files.dyne.org/dowse
Dowse whitepaper PDF: https://files.dyne.org/dowse/dowse_whitepaper.pdf

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
DOWSE WHITEPAPER

Dyne.org Foundation / Waag Society
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Table of Contents
─────────────────

1 Introduction to Dowse
.. 1.1 Scenario: the Internet of Things
.. 1.2 Problem: opaque gateways
.. 1.3 Opportunity: the hub
.. 1.4 Concept: de-militarization
.. 1.5 Idea: responsible networking
.. 1.6 Solution: context awareness
2 Features
.. 2.1 User cases
.. 2.2 Architecture
.. 2.3 Technical design
.. 2.4 Overview of functions
.. 2.5 Proof of concept
3 Motivation
4 Open positions
.. 4.1 Fundraiser
.. 4.2 Campaigner
.. 4.3 Organizer
.. 4.4 Developers
.. 4.5 Get involved
5 Acknowledgments
.. 5.1 About Waag Society
..... 5.1.1 Specific Expertise
.. 5.2 About Dyne.org Foundation
.. 5.3 License of this document

1 Introduction to Dowse
═══════════════════════

1.1 Scenario: the Internet of Things
────────────────────────────────────

Running a network in the age of the Internet of Things means hosting the connectivity of multiple devices owned by a diversity of subjects. Often such devices have full access to private, common and public information about humans operating them. Furthermore, devices can talk to each other without humans being consulted, and such interactions are not even manifest.

This situation raises issues that are not just technical, but socio-political, about the way *connections happen without human consent*, within local networks and towards the outside, to and from the Internet. The risks of /unconscious/ abuse and exploitation of information asymmetry are growing tremendously.

As *things initiate on the behalf of users*, we are making a major leap towards a world that provides us with contexts that we may not want at all. Getting insight on such situations is crucial for societies at large.

1.2 Problem: opaque gateways
────────────────────────────

As the concentration of network-connected devices and applications increases, so does the volume and complexity of network activity. While these network actors communicate on ever greater scales, the central device which interconnects them has remained basically the same.

The so-called gateway or router is usually provided and programmed by an ISP, and meant to be largely ignored by the “user.” The gateway is opaque in terminology, and an engineering of disempowerment in practice.
By making the gateway an esoteric device, a closed device, a device which hides under the couch, opportunities to create, distribute, and use software which properly govern the small-scale network are lost.

1.3 Opportunity: the hub
────────────────────────

The centrality of the gateway device in the home/office puts it in a position of unique power and future opportunity. It is the locus of discovery, communication, and regulation between connected devices. It forms the fundamental structural matrix for the Internet of Things at the most basic scale.

We see an opportunity to create a hub which is a part of the experience of the networked person, the networked household, the owner of devices, the Internet participant.

While the term “hub” belonged to the era of 10Base-T, it seems appropriate to revive the term now, as we seek a new set of generic non-authoritarian terminology to talk about the device which joins the other devices in our local network.

1.4 Concept: de-militarization
──────────────────────────────

Dowse is not only a functional tool, but a symbolic operation proposing a different linguistic approach to networking. In conceptualizing and documenting Dowse, all references to military traits are removed: there is no use of "defense", "shield", "guardian" or "firewall" words.

Privacy awareness (rather than protection) is envisioned and presented to its users not as a violent process, but as a responsible, natural act – one in search of harmony among those things connecting the inside and outside of a person’s private, common, and public aspects of life.

1.5 Idea: responsible networking
────────────────────────────────

In the IoT paradigm, having a clear overview of what goes in and out of the network becomes of crucial importance for home users and professionals. The ultimate question of responsibility for whatever happens within a network cannot be easily answered, considering the way /things can autonomously decide to initiate communications/.
Dowse is a smart digital network appliance for home based local area networks (LAN), but also small and medium business offices, that makes it possible to *connect objects and people in a friendly, conscious and responsible manner*. Dowse aims to be a critical engineering project, abiding by the principles stated in the Critical Engineers Manifesto.[1]

1.6 Solution: context awareness
───────────────────────────────

By replacing the outdated proprietary ISP “gateway” with an open and user-visible device, Dowse creates a new platform that leverages its topologically unique access and influence in the domain of the local-area network. It introduces a visible, malleable, knowable communications hub to the language of the small network.

Dowse seizes on the power of the technologically/topologically necessary gateway/hub role to create development opportunities which cannot exist on other platforms. Dowse becomes the locus of a specific new class of end-user-visible applications which are able to perceive and affect all devices in the local sphere, whether they are open or closed.

Moving above the platform of Dowse, it is in touching upon the Internet of Things that a glimmer appears of what may be Dowse’s killer app(s). These are the applications of Dowse in which human opportunities appear to interactively define the Internet of Things at a high level.

The entrance or departure of a device from the local IoT ecosystem is accompanied by audiovisual interactive aspects. Such interactions extend to the new presence or absence of a communications channel, for example between an electrical meter and a corporation. The software explorations that can appear in this domain, enabled by the Dowse platform, can bring individual awareness, preference, and empowered influence to the network/IoT as its own organ.
2 Features
══════════

2.1 User cases
──────────────

*Imagine running a network whose password is known to several people*: while one would desire lax security in order to enable people to connect, one could then never be sure about unknown devices on the network. Dowse actively monitors network events to alert the users of significant changes: whenever a device joins the network, an audible signal is produced with a welcome message and/or light signals. Dowse grants default network access to guests while the presence of newcomers and unusual connection patterns is signaled.

*Users can then mark guest devices as known* (white-listing) to grant wider or fine grained access to them, as well as grant known users the right to welcome more guests. Devices can also be assigned a name which will make them reachable on the LAN via human readable URLs, as well as customized audible signals like a warm "/welcome back/" for dear guests.

In a highly connected home environment, Dowse will provide an easy to use interface on which proper user-centric design has been done (LEAN UX approach). Inhabitants will be able to control exactly which flows of data go in and out of their private LAN space, being enabled to make decisions about new devices when they appear: from a new electricity meter to a mobile phone or computer.

From a legal perspective, *Dowse clearly separates the leased network device by the network carrier (ISP) from user owned LAN devices*, making them opaque to each other.

Dowse helps *removing undesired advertisements and browser malware* to make Internet surfing less distracting and less dangerous. Dowse filters all cleartext web traffic to avoid advertisements, and also applies IP block-lists to avoid known malware distributors and botnet connections. It helps to avoid damages and complaints in case a tainted device brought in by a guest connects from inside the network.
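
The join alert and white-listing described in this section need a way to tell known devices from newcomers. The script below is an added example, not code from Dowse or from the original post: it classifies entries of a dnsmasq lease file (dnsmasq is the DHCP daemon named in section 2.4) against a list of devices marked as known. The known-devices file format and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Dowse code. Classifies DHCP clients as known or new.
# Lease lines follow dnsmasq's lease file layout:
#   <expiry-epoch> <mac> <ip> <hostname|*> <client-id|*>
# The known-devices file ("<mac> <name>", with '#' comments) is a
# hypothetical format chosen for this example.

classify_leases() {   # usage: classify_leases KNOWN_FILE LEASE_FILE
    awk '
    # Lower-case the address and accept "-" as well as ":" separators.
    function norm(m) { m = tolower(m); gsub(/-/, ":", m); return m }
    # True only for six two-digit hexadecimal groups.
    function is_mac(m,    p, n, i) {
        n = split(m, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
        return 1
    }
    FILENAME == ARGV[1] {                 # first file: devices marked as known
        sub(/#.*/, "")
        if (NF >= 1 && is_mac(norm($1)))
            name[norm($1)] = (NF >= 2 ? $2 : "unnamed")
        next
    }
    NF >= 4 {                             # second file: current leases
        mac = norm($2)
        if (!is_mac(mac)) next            # skip malformed lines
        host = $4
        # The hostname is supplied by the client: keep only safe characters
        # before it reaches a log line, a shell or a speech synthesiser.
        gsub(/[^A-Za-z0-9._-]/, "_", host)
        if (mac in name) print "known", mac, $3, name[mac]
        else             print "new", mac, $3, host
    }' "$1" "$2"
}

# Runs the classifier over constructed sample data (not real leases).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/known" <<'EOF'
# constructed sample: devices the user has marked as known
AA-BB-CC-00-11-22 alice-laptop
EOF
    cat > "$dir/leases" <<'EOF'
1401900000 aa:bb:cc:00:11:22 192.168.0.10 laptop 01:aa:bb:cc:00:11:22
1401900300 de:ad:be:ef:00:01 192.168.0.57 guest;phone *
1401900400 not-a-mac 192.168.0.58 broken *
EOF
    classify_leases "$dir/known" "$dir/leases"
    rm -rf "$dir"
}

sample_run
```

A line tagged `new` is the event that would trigger the welcome signal; a `known` line carries the name the user assigned to the device.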
Dowse enhances the privacy of people surfing the Internet in cases where *confidentiality and integrity of research is important*. For example, in the case of journalists and activists, the profiling of DNS resolution queries can be a delicate point of vulnerability to all kinds of covert operations: not just passive tapping, but also active deception. Dowse alleviates the risk in such situations by relying on the connection to a few trusted and authenticated DNS services, encrypting all traffic (UDP port 53) and avoiding the most widespread practices of covert user profiling.

In case of Internet censorship, Dowse also facilitates access to parallel networks that let users circumvent limitations imposed by a connectivity carrier. Access to parallel networks like Tor, I2P, GNUnet or Netsukuku is granted without requiring users to install any software.

Finally, Dowse can enable *responsible parents* to address the freedom of their kids to browse the Internet, by preventing aggressions by malware, phishing and other kinds of intrusions into their experience.

2.2 Architecture
────────────────

Dowse is a *transparent proxy* facilitating the awareness of ingoing and outgoing connections, from, to, and within a local area network.

Dowse provides a *central point of soft control for all local traffic*: from ARP traffic (layer 2) to TCP/IP (layers 3 and 4) as well as application space, by chaining a firewall setup to a transparent proxy setup. A core feature for Dowse is that of *hiding all the complexity* of such a setup.

Dowse communicates with users in various ways: via a web interface, but also pushing messages via audio (synthesized speech), Bonjour and simple apps interfacing with personal mobile devices.

Dowse can implement this with a complex of open-source, well established technical tools, simplifying their integrated setup: specific directives read by daemon applications are generated from a central configuration point.
The configuration options visible to users are reduced to the minimum, while adopting *automatic guessing mechanisms in most cases*. Both the implementation and the user interface for Dowse are extremely minimal.

Dowse is also a *highly extensible platform*: interoperability between modules is available using Socks4/5, UNIX pipes, local TCP/IP sockets and port redirection, conforming to specific daemon implementations. At the core of Dowse is a very portable shell script codebase implementing a modular plugin architecture that isolates processes and supports any executable written in any language: Shell, C, Perl, Python etc.

Lastly, *Dowse also acts as a gateway to the future proliferation of parallel networks*, mostly based on particular content niches or on different levels of privacy granted, like Tor and GNUnet. Using Dowse, it is possible to access such opaque networks without installing anything on any device, just stepping into a home or office.

2.3 Technical design
────────────────────

At least from its first appearance on the market, and in people's home/office setups, the *Dowse box should be a visible device* to virally spread its image which indicates that the local network in a particular environment is taken care of responsibly. This will involve an industrial design project of the exterior of the object at a later stage.

*In its software form, Dowse will be a free and open source application bundle: OS independent and hardware independent*. A reference implementation will be distributed as an ISO, ready to be flashed on SD cards and run on RaspberryPI and other common devices running Debian and OpenWRT.

In general, and considering especially the success of modular design products like RaspberryPi or Arduino, modularity should be a key feature for the final hardware box design, adopting an *add-on architecture that allows the community to make modules and distribute them autonomously*.
The Dowse box should operate on low power (USB 5v, 2.5W) and two ethernet network connectors (RJ45). It is *made to sit between the broadband network router and the rest of the internal network*, therefore it can be simply connected to the USB and Ethernet ports of the router box using short cables for a complete installation.

For a first prototype, the second network interface can be realized using an additional USB adapter which can also be an Ethernet (RJ45) or WiFi adaptor, eventually turning the Dowse into a wireless access point for small areas.

For a dual-ethernet prototype platform, the /Olimex A10/ so far matches best our requirements (company in Bulgaria, well distributed in Benelux) running both a stable Debian GNU/Linux based distribution or OpenWRT. The bare cost for such hardware, all included, amounts to approx 50€.

2.4 Overview of functions
─────────────────────────

Dowse takes control of a LAN by becoming its DHCP server and thereby assigning itself as main gateway and DNS server for all clients. It keeps track of assigned leases by MAC Address. DNSMasq is the DHCP and DNS daemon.

All network traffic is passed through NAT rules for masquerading. All HTTP traffic (TCP port 80) is filtered through a transparent proxy, using an application layer chain of Squid2 and Privoxy.

All DNS traffic (UDP port 53) is filtered through DNSCrypt-proxy and encrypted using AES/SHA256 before being sent to DNSCrypt.eu or other configurable servers supporting this protocol.

In the future, traffic of all kinds may be transparently proxied for monitoring, filtering, and transformation by other applications loaded on the Dowse device.

All daemons are running as a unique non-privileged UID. The future plan is to separate them using a different UID for each daemon.

When running on a single physical network interface Dowse will require users to deactivate manually the DHCP daemon on the ADSL router.
But the hardware prototype will be based on devices with at least two RJ45 ethernet and/or a WiFi AP in order to enforce physical segmentation and isolate the broadband router into a DMZ. So far the best possibility to realize this in a modular fashion is to add USB modules that provide an extra ethernet RJ45 (~5€) and a WiFi interface (~10€).

2.5 Proof of concept
────────────────────

Dowse already comprises a proof of concept implementation as free software visible on [[http://www.dyne.org/software/dowse]]. This proof of concept is OS and hardware independent. It currently supports only one physical network interface, and is being tested on Debian. Also see [[http://freecode.com/projects/dowse]] and [[http://ohloh.net/p/dowse]].

Dowse 0.4 can only be operated from a terminal, and it has a rudimentary implementation for modules, including working instances of DNSCrypt-proxy and Tor as gateway to the .Onion network.

3 Motivation
════════════

The goals for Dowse are in first place ethical: our priorities go far beyond the sustainability of the project itself, ultimately aiming at the production, enhancement and distribution of responsible and free/libre software.

In the long term there is a business model that we envision, and it should make this initiative well sustainable. It is the business scheme adopted by most successful *free software* and *open hardware* bundles that bring to market a product for which there is high demand by virtue of viral adoption and de-facto simple standards.

In order to achieve such a success, the ambition we put forward is that of following a /LEAN/ approach to the design of this project, and therefore we invite all recipients of this document to be involved in a user-centered design process. In order to have results, we will *defer long-term research tasks in favor of rapid achievements* that will enable developers and designers to have a close-knit feedback loop with use cases.
In the medium-term we will seek alliances with existing hardware producers and utility distributors to adopt Dowse as a well documented, minimal and solid platform for generic development. We envision a win-win situation for the adoption of Dowse by specific utility distributors, on national and regional scales, that will benefit from a *shared, community driven, decentralized and peer reviewed R&D process*, ensuring the long term sustainability of devices embedded in domotic installations and running crucial network operations.

We do hope for the network effect and high demand for this product to be driven by recent events which have woken up the world to the importance of privacy and integrity, and also by the fact that existing devices of this kind (routers, switches, wifi access points) offer a sub-optimal and hardly usable set of functions for *awareness in the age of the Internet of Things*, which currently in the best case are designed to be operated by specialized engineers and security experts.

In the longer term, high quality, low production, adaptability and resilience are key to the business model of Dowse, which configures itself as a design intensive project with low hardware requirements.

4 Open positions
════════════════

This sketch of available positions is negotiable with initial partners as it can benefit from their valuable experience.

4.1 Fundraiser
──────────────

Public seed funds play a crucial role in the bootstrap of the Dowse project. We need a professional figure to engage this task, gather information starting from this document and the input produced by the community and developers, bring all into the format of various public funding applications.

4.2 Campaigner
──────────────

We need to involve into Dowse someone who has good experience in building media campaigns well-grounded in the ethical principles of free/libre software and who has mastered digital design and web publishing.
Audio/Video making skills are also crucial: we'll need to rapidly run a low-budget production with interviews to be consolidated into one or two trailer videos and a succinct website.

Requisites: communication skills, good knowledge of languages (English and Spanish primarily; Italian, French and German a plus), multimedia editing abilities and website design.

This is a key position. The campaigner(s) won't play a publicly visible role, but rather work towards the visibility of Dowse as a project. It can be a single full-time position or two part-time positions.

The campaigner should foster discussion among opinion makers at large, with emphasis for adoption of /dowsing/ devices into the European market, which should be sold devices (not leased) in complete control of their proprietors.

In the midst of the Dowse development plan there is also the intention to run a "crowdfunding" pre-order campaign that will deliver a first batch of Dowse boxes. Such a campaign will be crucial to provide a part of the funding necessary for Dowse, as well as provide a success indicator. The production of Dowse can be scaled up to 1000 devices in this phase (approx €100 each) without much effort and keen supporters can decide to become stakeholders by paying a "share" entitling them to more benefits and recognition.

4.3 Organizer
─────────────

The organizer will be active on all aspects of production for the realisation of events and hackathons. There are a few months allocated since this position does not need to be involved all the time.

4.4 Developers
──────────────

We need developers with solid background in GNU/Linux system administration, shell scripting, and GNU coding and documentation quality standards. There are 2 basic open positions for developers: 1 senior part-time, and 1 junior full-time (or 2 junior part-time).
Starting from the current software configuration, developers should bring the codebase to a stable stage and package it in binary form to distribute it as a ready-to-run image for RPi devices.

Developers will have to follow a LEAN UX process of analysis in the beta-testing phase, writing an A.I. that can adapt network configurations for different situations.

Another main task will be that of developing and documenting a modular and minimal software architecture.

The final task will be that of fine tuning Dowse to work as a hardware product.

4.5 Get involved
────────────────

We welcome organizations and individuals to get involved in Dowse providing insights, use cases, endorsements and help with this campaign.

Please communicate interest, intentions, funding proposals and suggestions to *[email protected]*.

Website: [[http://dyne.org/software/dowse]]
Code repository: [[https://github.com/dyne/dowse]]

5 Acknowledgments
═════════════════

In 2014 Jaromil conceived the Dowse plan, proof of concept and the making of this whitepaper. Earliest contributors to the whitepaper drafting process are Hellekin O. Wolf, Anatole Shaw, Juergen Neumann, Federico Bonelli, Julian Oliver, Tom Demeyer, Mieke van Heesewijk and Floris Kleemans.

5.1 About Waag Society
──────────────────────

Waag Society is an interdisciplinary non-profit media lab researching, developing and experimenting with new technology, art and culture. The foundation’s vision is that technology determines society’s present and future and people have to be able to understand it, use it and influence its course.

Waag Society’s mission is to work in interdisciplinary teams to provide meaning and give direction to the role of technology in society. In co-operation with end-users it develops technology that enables people to express, connect, reflect and share. It hosts events and plays an active role in debates about technology and related issues like trust, privacy and IP.
Waag Society is part of the Dutch national infrastructure for the arts and culture. It was founded in 1994 and has its roots in the Digital City (1994). The Digital City was the first online community, which aimed to question The Internet – in those days limited to science and defense – and make it available for everybody. Nowadays the Internet is all around and new technologies are to be explored and made usable, such as RFID, GPS, Fablabs, Cradle to Cradle and new forms of gaming, participation and distributed cooperation.

5.1.1 Specific Expertise
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

Waag Society has longtime experience in interdisciplinary community building, project management in innovative and avant-garde projects and hosts technical infrastructures of several cultural institutions in Amsterdam.

Waag Society’s Creative Learning Lab’s goal within the domain of education is innovation. The Creative Learning Lab has a wide experience in developing creative technology for innovation in education. The Lab has a broad network in educational institutions in the Netherlands at different levels.

Waag Society takes part in several national and international programmes on Open Data. It is co-initiator of Apps for Amsterdam and Apps for Holland. These bring together future-minded civil servants and a community of hackers and civic innovators. Furthermore, it builds an Open Data service innovation infrastructure in the national programme Virtual Creative Collaboration Platform. Apart from this, it is partner in the Open Data working strand of Open Cities.

Waag Society is part of a think tank of the Municipality of Amsterdam addressing Open Data & Sustainability. The think tank focuses on the topic from several perspectives: public administration, public engagement and interactivity, legal and regulatory issues, service development on shared open data platforms and competitiveness.

Waag Society is a founding partner in the Dutch chapter of Creative Commons.
Creative Commons is an international organization dedicated to propose alternative, open Intellectual Property schemes that foster the needs of professional makers, amateurs and society alike.

Waag Society is part of MIT’s global Fablab (Fabrication Lab) network of standardized open hardware setups with i.e. laser cutters and 3D printers. People from all over the world use Fablabs to create and develop their own ideas and solutions.

Based on Fablab philosophy Waag Society and partners organize the annual (un)limited Design Contest, proclaiming that the design of products is no longer restricted to professional designers. Contestants are stimulated to practice Open Design, making mash-ups of existing designs and in return the blueprints are to be given back to the community. In 2010 the kick-off of the contest is held at the DMY Festival in Berlin.

Waag Society is co-founder of PICNIC Amsterdam - an interdisciplinary annual network festival bringing together and disseminating the ideas and knowledge of the world's best creators and innovators.

5.2 About Dyne.org Foundation
─────────────────────────────

Dyne.org is a digital born organization committed to research and development of free and open source software and services. Dyne.org acts in support of artists, creatives and engaged citizens in the digital age with tools, practices and narratives for community empowerment. Since its birth in 2000 several radio makers, humanitarian organisations, artists, medics, activists and educators employed and redistributed our software worldwide and free of charge.

Dyne.org is constituted by an international network of experts syndicating and contributing to diverse technological developments for their quality and role within societies. Among its peers Dyne.org shares mutual support and resources for peace and equal rights, operating outside the logic of profit and competition.
The mission of Dyne.org is to support cooperation within social contexts to leverage on-line and on-site community values, to empower people with the hacker attitude to re/think, re/mix and re/design to circumvent limitations and find a way out from economies based on scarcity and privilege.

At the origin of Dyne.org are several BBS and in particular the Freaknet, which is now an on-line and on-site medialab and computer museum based in the Mediterranean island of Sicily, surviving since 1994 the hostile environment of South Italian criminal administration and cultural repression.

Dyne.org members regularly gather in the Italian Hackmeeting which is, since 1998, the annual gathering of many computer and reality hackers, an auto-organized TAZ inspired by people and projects at CCC, 2600, GNU and EFF.

In 2001 Dyne.org started developing the dyne:bolic GNU/Linux distribution, 100% free multimedia operating system that works well on recycled computers, endorsed and promoted by the Free Software Foundation.

Further on Dyne.org has been developing and documenting a variety of empowering tools made by and for digital natives around the world, running workshops and putting in contact artists and practitioners, providing a public and common space for on-line interactions.

Among the others, Dyne.org creations have been redistributed by:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 Free Software Foundation (USA)
 Montevideo / Time Based Arts (NL)
 Ircam, Centre Pompidou (FR)
 Providence Univ. Taichung (TW)
 Technische Univ. Ilmenau (DE)
 Netherlands Unix User Group (NL)
 Instituto de Computação Uni de Campinas (BR)
 Heraklion University Crete (GR)
 Ibiblio public library
 UNESCO
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

In 2013 Dyne.org became a European research organization, partner of the D-CENT project (FP7/CAPS).
5.3 License of this document
────────────────────────────

The Dowse Whitepaper is Copyleft (C) 2014 by Denis Roio <[email protected]>

The Dowse Logo is Copyleft (C) 2014 by Hellekin O. Wolf <[email protected]>

The Dowsing for Networks photograph is Copyleft (C) 2014 by Anatole Shaw

These works are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Netherlands License. To view a copy of this license (English translation), visit [http://creativecommons.org/licenses/by-nc-sa/3.0/] or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

These works are licensed under a Creative Commons Naamsvermelding-NietCommercieel-GelijkDelen 3.0 Nederland license. Visit [http://creativecommons.org/licenses/by-nc-sa/3.0/nl/] to see a copy of the license or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

Footnotes
─────────

[1] Berlin, October 2011, see: [http://criticalengineering.org]

--
http://jaromil.dyne.org
GPG: 6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: [email protected]
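
Section 2.4 of the whitepaper describes dnsmasq handing out the hub as gateway and DNS server, NAT masquerading, and redirection of HTTP and DNS traffic to local daemons, with section 2.2 stating that daemon directives are generated from a central configuration point. The script below is an added example of that idea, not part of the original post and not Dowse's own code: it validates one set of settings and prints the matching dnsmasq directives and iptables-restore rules. Interface names, addresses and the listening ports 3128 and 5353 are assumed values.

```shell
#!/bin/sh
# Added example, not Dowse code. One set of settings produces the dnsmasq
# directives and the NAT rules; nothing is applied, both are only printed.
# Every value here is constructed for illustration.
LAN_IF=eth0                 # interface facing the LAN clients
WAN_IF=eth1                 # interface facing the ISP router
HUB_IP=192.168.0.254        # address of the hub on the LAN
DHCP_FIRST=192.168.0.10     # first and last address of the DHCP pool
DHCP_LAST=192.168.0.200
PROXY_PORT=3128             # assumed port of the local HTTP proxy
DNSCRYPT_PORT=5353          # assumed port of the local dnscrypt-proxy

# Values end up inside configuration files, so each one is checked first.
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_ipv4() {              # dotted quad, each octet in 0..255
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# dnsmasq: serve DHCP on the LAN, announce the hub as router and resolver,
# and forward every query to the local encrypting DNS proxy only.
gen_dnsmasq() {
    valid_ifname "$LAN_IF" && valid_ipv4 "$HUB_IP" &&
    valid_ipv4 "$DHCP_FIRST" && valid_ipv4 "$DHCP_LAST" &&
    valid_port "$DNSCRYPT_PORT" || return 1
    cat <<EOF
interface=$LAN_IF
bind-interfaces
dhcp-authoritative
dhcp-range=$DHCP_FIRST,$DHCP_LAST,12h
dhcp-option=option:router,$HUB_IP
dhcp-option=option:dns-server,$HUB_IP
no-resolv
server=127.0.0.1#$DNSCRYPT_PORT
EOF
}

# iptables-restore input: clients that ignore the DHCP-provided resolver are
# still answered locally, cleartext HTTP goes to the proxy (except requests
# to the hub itself), and outbound traffic is masqueraded.
gen_nat_rules() {
    valid_ifname "$LAN_IF" && valid_ifname "$WAN_IF" &&
    valid_ipv4 "$HUB_IP" && valid_port "$PROXY_PORT" || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i $LAN_IF -p tcp ! -d $HUB_IP --dport 80 -j REDIRECT --to-ports $PROXY_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

gen_dnsmasq
gen_nat_rules
```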