Diffstat (limited to 'en_US.ISO8859-1/captions/2007')
-rw-r--r-- | en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv | 2391
-rw-r--r-- | en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv | 943
2 files changed, 3334 insertions, 0 deletions
diff --git a/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv b/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv new file mode 100644 index 0000000000..1bba30ffdc --- /dev/null +++ b/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv 
@@ -0,0 +1,2391 @@ +0:00:09.649,0:00:15.249 +Fortunately my slide will be centered, because +I'll have to change resolutions, I think this works out.. + +0:00:15.249,0:00:19.310 +And, it's about protecting your privacy with FreeBSD and Tor + +0:00:19.310,0:00:20.859 +and, uh... + +0:00:20.859,0:00:21.480 +Privacy + +0:00:21.480,0:00:25.859 +what I mean here is mostly anonymity + +0:00:25.859,0:00:28.889 +but there are some other aspects that + +0:00:28.889,0:00:34.390 +I'll talk about later + +0:00:34.390,0:00:36.290 +uh, so... + +0:00:36.290,0:00:39.500 +I want to first talk about who needs anonimity anyway + +0:00:39.500,0:00:42.880 +is it just for criminals or some other bad guys, right? + +0:00:42.880,0:00:44.209 +after this + +0:00:44.209,0:00:50.940 +anonymization concepts, then Tor. Tor's a, well, a tool + +0:00:50.940,0:00:52.870 +to, uh... + +0:00:52.870,0:00:59.320 +anonymize you on the Web. Then I'll talk about what +FreeBSD can do with it + +0:00:59.320,0:01:00.430 +and what else + +0:01:00.430,0:01:01.980 +you have to take care of + +0:01:01.980,0:01:06.070 +when you want to be anonymous on the Web or the Internet + +0:01:06.070,0:01:06.650 +and uh, + +0:01:06.650,0:01:12.280 +if time permits I'd like to do a little demonstration + +0:01:12.280,0:01:16.970 +Ok, so who needs anonymity anyway? + +0:01:16.970,0:01:20.510 +Anonymity is a pretty vast + +0:01:20.510,0:01:22.030 +interest to most people + +0:01:22.030,0:01:24.740 +but it's really important for + +0:01:24.740,0:01:26.400 +journalists... There was a case in, uh, + +0:01:26.400,0:01:28.619 +Thailand last year + +0:01:28.619,0:01:32.510 +when the military coup was going on + +0:01:32.510,0:01:38.150 +and the journalists in Thailand couldn't really uh, + +0:01:38.150,0:01:39.830 +journalists couldn't really, uh + +0:01:39.830,0:01:43.050 +get the information they needed to do their work + +0:01:43.050,0:01:45.750 +also, uh, informants + +0:01:45.750,0:01:49.100 +whistleblowers... 
people who want to tell you about + +0:01:49.100,0:01:52.490 +corruption going on in governments and companies + +0:01:52.490,0:01:56.460 +and don't want to lose their job for it... Dissidents + +0:01:56.460,0:01:58.250 +uh, best case + +0:01:58.250,0:02:01.610 +when in Myanmar + +0:02:01.610,0:02:03.750 +last few weeks ago + +0:02:03.750,0:02:05.290 +when the + +0:02:05.290,0:02:07.649 +all the Buddhists monks were going to the streets and uh, + +0:02:07.649,0:02:09.879 +the Internet was totally censored + +0:02:09.879,0:02:14.899 +it was really dangerous to do anything on the Internet + +0:02:14.899,0:02:17.719 +so, so umm + +0:02:17.719,0:02:20.489 +socialy sensitive information, like when you want to uh, + +0:02:20.489,0:02:23.719 +when you were abused + +0:02:23.719,0:02:25.769 +and want to talk to other people about it + +0:02:25.769,0:02:30.039 +you don't... naturally you don't want other people to +know who you are + +0:02:30.039,0:02:31.840 +as it will be very embarrassing + +0:02:31.840,0:02:33.779 +also Law Enforcement, ah + +0:02:33.779,0:02:38.579 +for example, uh, when you want to set up a + +0:02:38.579,0:02:41.669 +an anonymous tipline for crime reporting + +0:02:41.669,0:02:45.810 +and uh, also companies that want to, uh + +0:02:45.810,0:02:48.079 +research competition, as one case that, uh + +0:02:48.079,0:02:51.029 +that a company went to check the, uh + +0:02:51.029,0:02:54.339 +website competition and they noticed when they used Tor + +0:02:54.339,0:02:58.209 +that, uh, they were actually getting a different website +when they + +0:02:58.209,0:03:00.829 +uh, were coming from the corporate LAN + +0:03:00.829,0:03:04.609 +than anyone else was getting, so ah, + +0:03:04.609,0:03:07.509 +it's a good way to, uh, + +0:03:07.509,0:03:11.859 +check out... 
competition like this + +0:03:11.859,0:03:13.349 +Also military + +0:03:13.349,0:03:15.679 +actually military was one of the, uh + +0:03:15.679,0:03:17.479 +original + +0:03:17.479,0:03:20.510 +driving forces behind the + +0:03:20.510,0:03:24.319 +anonymization research. + +0:03:24.319,0:03:26.169 +and maybe you + +0:03:26.169,0:03:28.799 +may have heard of the European Union + +0:03:28.799,0:03:30.349 +Data Retention Directive? + +0:03:30.349,0:03:33.039 +where, umm + +0:03:33.039,0:03:35.739 +collection data gets stored + +0:03:35.739,0:03:41.259 +six to twenty-four months? Depends on the limitation +on the different nations + +0:03:41.259,0:03:45.069 +Two weeks back this was, uh, + +0:03:45.069,0:03:47.729 +the law was passed in Germany + +0:03:47.729,0:03:48.900 +so, uh + +0:03:48.900,0:03:50.450 +from first January on, + +0:03:50.450,0:03:52.159 +every connection, phone connection, + +0:03:52.159,0:03:55.389 +SMS, IP connections, + +0:03:55.389,0:03:58.480 +email, or the dial-in data needs to be stored + +0:03:58.480,0:04:00.449 +by providers for six months + +0:04:00.449,0:04:02.510 +and, uh, + +0:04:02.510,0:04:05.379 +sooner or later it's going to be in Poland as well + +0:04:05.379,0:04:07.689 +[talking] + +0:04:07.689,0:04:14.689 +well, you're part of the Euro Union now, so ah, welcome! + +0:04:16.989,0:04:18.529 +okay, uh + +0:04:18.529,0:04:21.220 +that's a + +0:04:21.220,0:04:27.110 +maybe you want to hide what interests you have and uh, +who you talk to, I mean uh, + +0:04:27.110,0:04:30.889 +like all of you know the Internet isn't very + +0:04:30.889,0:04:34.199 +secure in the first place so your ISP can see who you're +talking to + +0:04:34.199,0:04:37.780 +if they bother to find out + +0:04:37.780,0:04:40.709 +yeah, and also + +0:04:40.709,0:04:46.279 +criminals, but um, they already do illegal stuff and they +don't care about + +0:04:46.279,0:04:51.629 +doing more illegal stuff to stay anonymous, right? 
They can +uh, steal people's identities, they can rent botnets or +create them in the first place + +0:04:51.629,0:04:53.829 +and uh, + +0:04:53.829,0:04:54.689 +or just + +0:04:54.689,0:04:59.689 +crack one of the thousands of Windows computers online, +no big deal + +0:04:59.689,0:05:02.029 +so, uh + +0:05:02.029,0:05:05.199 +Criminals already do this and uh, + +0:05:05.199,0:05:06.360 +the normal + +0:05:06.360,0:05:13.360 +citizens can't do this so... + +0:05:14.680,0:05:16.460 +So all the groups that need anonymization are very different, + +0:05:16.460,0:05:18.330 +but they all have the same goal, and uh + +0:05:18.330,0:05:20.619 +that's also one of the + +0:05:20.619,0:05:22.229 +key concepts of + +0:05:22.229,0:05:22.919 +anonymization + +0:05:22.919,0:05:24.090 +you can't really + +0:05:24.090,0:05:25.930 +stay anonymous on your own + +0:05:25.930,0:05:28.999 +you needs the help of more people + +0:05:28.999,0:05:30.559 +and uh, + +0:05:30.559,0:05:32.680 +the more diverse the group that needs + +0:05:32.680,0:05:38.539 +anonymity, the better + +0:05:38.539,0:05:40.979 +Ok, so on to talking about two + +0:05:40.979,0:05:42.949 +anonymization concepts + +0:05:42.949,0:05:44.539 +uh huh + +0:05:44.539,0:05:51.539 +Proxy? 
Everyone here probably knows how a proxy works, +uh yeah + +0:05:52.559,0:05:53.169 +LANs connect to the proxy and request + +0:05:53.169,0:05:57.290 +a website or whatever and the proxy + +0:05:57.290,0:06:00.359 +just passes it on and pass through + +0:06:00.359,0:06:03.789 +right + +0:06:03.789,0:06:04.680 +um + +0:06:04.680,0:06:09.329 +Proxys are fast and simple but it's a single point of +failure, like uh, + +0:06:09.329,0:06:13.139 +when law enforcement or anyone else wants to +uh, know + +0:06:13.139,0:06:15.289 +who you're talking to they just + +0:06:15.289,0:06:19.759 +get a subpoena or + +0:06:19.759,0:06:22.440 +break into the computer room or whatever + +0:06:22.440,0:06:26.400 +it's pretty easy + +0:06:26.400,0:06:30.050 +Second anonymization concept is mixed, + +0:06:30.050,0:06:32.549 +it's really old from nineteen eighty one + +0:06:32.549,0:06:35.099 +so you can see, uh, + +0:06:35.099,0:06:41.150 +how long the research in this area is going on + +0:06:41.150,0:06:43.150 +the mix is kind of similar to a proxy + +0:06:43.150,0:06:47.090 +like, trying to connect to it to send the messages + +0:06:47.090,0:06:50.779 +and the mix collects them + +0:06:50.779,0:06:54.550 +and no less than um + +0:06:54.550,0:06:56.699 +it puts them all + +0:06:56.699,0:06:58.319 +in through different coincides and uhm, + +0:06:58.319,0:07:00.169 +you see here it + +0:07:00.169,0:07:03.849 +shuffles them and waits + +0:07:03.849,0:07:08.930 +til there's enough data in it and just + +0:07:08.930,0:07:11.039 +shoves them and sends them back out so + +0:07:11.039,0:07:18.039 +um, this is to protect against correlation effects. + +0:07:20.219,0:07:22.439 +But second in... 
+ +0:07:22.439,0:07:23.379 +Oh yeah, and + +0:07:23.379,0:07:27.879 +when you actually put several mixes uh + +0:07:27.879,0:07:31.259 +behind them; it's a mixed escape and uh, + +0:07:31.259,0:07:32.149 +between mixes is also + +0:07:32.149,0:07:35.330 +a friction going on, uh, the first + +0:07:35.330,0:07:38.349 +or the client which is + +0:07:38.349,0:07:44.069 +you could see here if this lights would be centered, uh, + +0:07:44.069,0:07:46.029 +what else gets the + +0:07:46.029,0:07:48.879 +public keys of all the mixes + +0:07:48.879,0:07:51.160 +and encrypts the message first for each of them + +0:07:51.160,0:07:54.879 +and each mix removes one encryption layer and + +0:07:54.879,0:07:59.280 +uh, the last one actually passes on the message unencrypted + +0:07:59.280,0:08:04.369 +and uhm, loop back backwards the same + +0:08:04.369,0:08:06.379 +So, as you can probably imagine, + +0:08:06.379,0:08:11.389 +if you wait until you have enough messages, ah, and all +public key encryption + +0:08:11.389,0:08:12.280 +is going pretty slow + +0:08:14.069,0:08:17.939 +and uh, + +0:08:17.939,0:08:20.360 +this concept is mostly used for + +0:08:20.360,0:08:22.419 +remailers like + +0:08:22.419,0:08:26.359 +MixMinion, for example uh + +0:08:26.359,0:08:28.800 +where it's not really a possib... 
um + +0:08:28.800,0:08:32.610 +it's not really important + +0:08:32.610,0:08:33.979 +if the message is a couple of seconds + +0:08:33.979,0:08:36.540 +late or something, but it's not really + +0:08:36.540,0:08:39.870 +great for uh, for + +0:08:39.870,0:08:41.830 +low latency connections, + +0:08:41.830,0:08:44.730 +like web routing for example + +0:08:44.730,0:08:47.060 +but what's good about it it's uh + +0:08:47.060,0:08:50.500 +distrinuted trust uh, + +0:08:50.500,0:08:54.940 +just one these mixes has to be secure to actually + +0:08:54.940,0:08:56.840 +anonymize the whole connection + +0:08:56.840,0:08:58.460 +so it's slow but it's + +0:08:58.460,0:09:05.460 +distributed trust, which is good. + +0:09:06.230,0:09:09.930 +So, I want to introduce Tor + +0:09:09.930,0:09:12.320 +Tor stands for The Onion Router. + +0:09:12.320,0:09:16.340 +It's a concept that is actually built on + +0:09:16.340,0:09:17.720 +both these concepts + +0:09:17.720,0:09:21.340 +mixes and proxies. + +0:09:21.340,0:09:22.770 +It's a TCP-Overlay network, + +0:09:22.770,0:09:24.900 +means you can, uh + +0:09:24.900,0:09:25.560 +channel any + +0:09:25.560,0:09:27.320 +TCP connection through it + +0:09:27.320,0:09:28.480 +theoretically + +0:09:28.480,0:09:31.310 +uh, theoretically I will explain + +0:09:31.310,0:09:33.790 +a couple of slides later + +0:09:33.790,0:09:37.040 +it provides a SOCKS interface so you don't need any uh, + +0:09:37.040,0:09:42.060 +special application proxies like any application that uses +SOCKS interface can just, + +0:09:42.060,0:09:43.370 +talk to talk + +0:09:43.370,0:09:48.070 +and it's available on, um, all major platforms + +0:09:48.070,0:09:53.940 +what is uh, especially important is available in Windows + +0:09:53.940,0:09:55.850 +'cause, uhm, like I said earlier once + +0:09:55.850,0:09:57.740 +you want a really diverse, + +0:09:57.740,0:09:59.560 +really diverse group of users + +0:09:59.560,0:10:05.250 +so you actually need uh, + +0:10:05.250,0:10:06.860 
+the normal user + +0:10:06.860,0:10:13.150 +not just geeks. + +0:10:13.150,0:10:15.160 +Um, well it aims to uhm + +0:10:15.160,0:10:15.939 +combine the positive attributes of + +0:10:15.939,0:10:17.480 +proxies and mixes + +0:10:17.480,0:10:18.749 +Like, proxies are fast, but + +0:10:18.749,0:10:20.620 +seem prone to failure + +0:10:20.620,0:10:21.770 +and mixes + +0:10:21.770,0:10:24.590 +distributed trust, you want to combine them + +0:10:24.590,0:10:29.930 +so uh + +0:10:29.930,0:10:31.310 +Fast, uh, Tor use not only public key + +0:10:31.310,0:10:33.220 +encryption but also session keys + +0:10:33.220,0:10:35.170 +symmetrically encrypted. + +0:10:35.170,0:10:37.260 +so uh + +0:10:37.260,0:10:41.710 +All the connection set up is this public key so you just, uh + +0:10:41.710,0:10:44.840 +authentication and stuff? + +0:10:44.840,0:10:50.860 +And uh, the actual communication that's going on later +is always symmetrically encrypted + +0:10:50.860,0:10:54.170 +And uh, so it's also TCP multiplexing + +0:10:54.170,0:10:55.850 +so you can run + +0:10:55.850,0:10:58.520 +several TCP connections through one + +0:10:58.520,0:11:02.220 +virtual Tor connection. + +0:11:02.220,0:11:05.610 +And the design goals are + +0:11:05.610,0:11:06.790 +yeah + +0:11:06.790,0:11:07.880 +deployability + +0:11:07.880,0:11:09.770 +like dums want the user to actually have + +0:11:09.770,0:11:12.680 +to patch his PC off the Operating System or something + +0:11:12.680,0:11:16.070 +just be in a... workable state really fast + +0:11:16.070,0:11:19.340 +um, usability, + +0:11:19.340,0:11:20.600 +so you get the uh, + +0:11:20.600,0:11:22.400 +normal users + +0:11:22.400,0:11:26.850 +not just the geeks. Flexibility, uhm + +0:11:26.850,0:11:28.310 +it's aimed to + +0:11:28.310,0:11:29.910 +enable more research + +0:11:29.910,0:11:32.010 +in this whole area. 
+ +0:11:32.010,0:11:33.059 +so, uh + +0:11:33.059,0:11:34.679 +the protocol to all users + +0:11:34.679,0:11:37.890 +should be really flexible + +0:11:37.890,0:11:42.110 +And uh, for simplicity it's a security application and + +0:11:42.110,0:11:45.900 +well complexity doesn't play well with uh, + +0:11:45.900,0:11:52.070 +security + +0:11:52.070,0:11:53.190 +So, this uh, + +0:11:53.190,0:11:55.300 +it's how Tor works, more or less + +0:11:55.300,0:11:58.800 +Dave is uh, a directory server, + +0:11:58.800,0:12:03.160 +it uh, caches information about the network state + +0:12:03.160,0:12:08.130 +and uh, which Tor servers are available in the network + +0:12:08.130,0:12:09.490 +and uh + +0:12:09.490,0:12:10.930 +Alice downloads + +0:12:10.930,0:12:14.740 +this whole list from Dave + +0:12:14.740,0:12:18.940 +you see the Tor nodes with the plus here? + +0:12:18.940,0:12:21.020 +Through this random + +0:12:21.020,0:12:22.790 +tree of service + +0:12:22.790,0:12:23.910 +when she wants to talk to Jane + +0:12:23.910,0:12:30.380 +for example + +0:12:30.380,0:12:34.280 +The first one is the entry node, middle LAN nodes, and the +uh exit nodes, I will leave thes for later + +0:12:34.280,0:12:41.000 +uh, so this + +0:12:41.000,0:12:43.990 +Alice talks to the entry node + +0:12:43.990,0:12:47.550 +there's a connection that is going on and is public key +encrypted + +0:12:47.550,0:12:51.330 +and they establish a session key and same + +0:12:51.330,0:12:53.090 +thing goes on + +0:12:53.090,0:12:58.520 +in these two and these two so they can communicate later on + +0:12:58.520,0:12:59.780 +What's really important here + +0:12:59.780,0:13:00.629 +is the last connection here + +0:13:00.629,0:13:03.090 +is actually unencrypted. 
+ +0:13:03.090,0:13:05.240 +I will talk about it later + +0:13:05.240,0:13:06.610 +So it has to be unencrypted + +0:13:06.610,0:13:13.610 +so you can get your request through + +0:13:20.690,0:13:22.700 +this is a virtual circuit + +0:13:22.700,0:13:24.490 +that gets established and uh + +0:13:24.490,0:13:29.190 +every, every + +0:13:29.190,0:13:31.340 +ten minutes + +0:13:31.340,0:13:32.450 +a new circuit is built + +0:13:32.450,0:13:37.250 +when a new website, when a new request come through, so uh + +0:13:37.250,0:13:40.080 +this one stays, all these connections above stays + +0:13:40.080,0:13:41.940 +in this circuit + +0:13:41.940,0:13:43.630 +and after ten + +0:13:43.630,0:13:45.410 +when after ten minutes, ah + +0:13:45.410,0:13:52.410 +Alice wants to talk to Jane, a new circuit is built + +0:13:53.610,0:13:55.410 +and uh, this is important + +0:13:55.410,0:13:56.920 +to get strong + +0:13:56.920,0:13:57.710 +anonymity + +0:13:57.710,0:14:00.220 +in case one connection is compromised, for example. + +0:14:00.220,0:14:01.600 +An these ten minutes + +0:14:01.600,0:14:04.490 +are really an arbitrary value + +0:14:04.490,0:14:08.560 +,you can choose anything + +0:14:08.560,0:14:10.660 +you have to do the research + +0:14:10.660,0:14:11.970 +which value is best and so + +0:14:11.970,0:14:18.970 +ten minutes is compromised. 
+ +0:14:19.840,0:14:22.240 +With all you get exit policies, + +0:14:22.240,0:14:24.640 +this is important for the exit node + +0:14:24.640,0:14:27.880 +the one which actually send the uh, + +0:14:27.880,0:14:30.410 +original request to the destination server + +0:14:30.410,0:14:31.670 +and huh + +0:14:31.670,0:14:32.839 +you can control which + +0:14:32.839,0:14:34.220 +TCP connections you want + +0:14:34.220,0:14:39.180 +to allow from your node if you want + +0:14:39.180,0:14:41.000 +that's default policy which uh + +0:14:41.000,0:14:43.610 +blocks SMTP and NNTP to prevent uh + +0:14:43.610,0:14:48.080 +spamming and all stuff + +0:14:48.080,0:14:49.060 +but you can actually allow + +0:14:49.060,0:14:51.970 +SMTP if you want + +0:14:51.970,0:14:54.070 +and there's some other ports blocked + +0:14:54.070,0:14:56.170 +but the rest of it works so + +0:14:56.170,0:14:57.900 +HTTP SSH + +0:14:57.900,0:15:01.630 +all the important stuff + +0:15:01.630,0:15:05.250 +that you would want to minimize just works + +0:15:05.250,0:15:10.290 +and uh, if you uh + +0:15:10.290,0:15:13.050 +this is important for uh, if you + +0:15:13.050,0:15:18.540 +want to run you node, uh + +0:15:18.540,0:15:19.220 +waht kind of node you actually want to run + +0:15:19.220,0:15:24.120 +if you look at the picture, uh earlier + +0:15:24.120,0:15:31.120 +there's these three different nodes: entry node, +middleman note, and exit node + +0:15:32.400,0:15:34.180 +and uh, which node you want to run + +0:15:34.180,0:15:36.780 +depends on how many problems you want afterwards + +0:15:36.780,0:15:39.590 +I will talk about it later uh + +0:15:39.590,0:15:40.970 +this one, + +0:15:40.970,0:15:46.950 +the exit node actually forwards the uh, requested date, uh + +0:15:46.950,0:15:47.700 +depends upon what + +0:15:47.700,0:15:51.570 +what the user actually uh wants, that's + +0:15:51.570,0:15:52.830 +if the user uh + +0:15:52.830,0:15:58.020 +Alice in this case uh + +0:15:58.020,0:16:02.080 +insults someone out 
on a web forum, then uh the uh + +0:16:02.080,0:16:03.470 +administrator of the forum will see the IP address + +0:16:03.470,0:16:05.340 +of the + +0:16:05.340,0:16:11.230 +exit node in his forum and not the one + +0:16:11.230,0:16:15.330 +of Alice so uh he's going to have the problems later on + +0:16:15.330,0:16:18.250 +so I will talk about it later + +0:16:18.250,0:16:21.600 +but you have to keep this in mind + +0:16:21.600,0:16:28.600 +and uh, keep up everything and uh we can play the role of +entry nodes and middle man nodes + +0:16:30.170,0:16:37.170 +which is also important + +0:16:39.130,0:16:42.930 +Special feature of Tor are hidden services + +0:16:42.930,0:16:45.850 +these are services which can be + +0:16:45.850,0:16:46.990 +accessed + +0:16:46.990,0:16:49.420 +without having an IP address + +0:16:49.420,0:16:50.960 +so uh + +0:16:50.960,0:16:56.300 +you can't really find them physically + +0:16:56.300,0:16:57.880 +so if you want to run a + +0:16:57.880,0:16:59.720 +hidden service you can do it from anywhere + +0:16:59.720,0:17:01.850 +do it from inside this private network here + +0:17:01.850,0:17:05.950 +instead of a service and everyone in the outside world can +actually access it + +0:17:05.950,0:17:07.770 +even if you don't have the rights to do + +0:17:07.770,0:17:11.330 +port forwarding or something + +0:17:11.330,0:17:13.580 +uh, this is really important to, uh + +0:17:13.580,0:17:15.690 +resist Denial of Service, for example + +0:17:15.690,0:17:20.160 +'cause every uh, + +0:17:20.160,0:17:20.519 +every client that wants to + +0:17:20.519,0:17:22.829 +access the service uh, gets + +0:17:22.829,0:17:25.700 +gets a different route in the network + +0:17:25.700,0:17:26.529 +and uh, it's hard + +0:17:26.529,0:17:28.460 +to actually uh + +0:17:28.460,0:17:31.970 +DOS it. 
And it's also important to + +0:17:31.970,0:17:33.610 +resist censorship + +0:17:33.610,0:17:38.510 +And the addresses look like this: + +0:17:38.510,0:17:43.280 +it's really a hash of a private key + +0:17:43.280,0:17:47.340 +and each hidden service is actually, well, identified + +0:17:47.340,0:17:53.300 +by a public key + +0:17:53.300,0:17:59.000 +this how it works, uhm, yet Alice the client + +0:17:59.000,0:18:02.170 +and the hidden server, Bob. + +0:18:02.170,0:18:04.120 +And if Bob wants to, uh, + +0:18:04.120,0:18:07.640 +wants to set up a service, + +0:18:07.640,0:18:08.159 +he chooses three introduction points + +0:18:08.159,0:18:09.899 +out of the whole mass + +0:18:09.899,0:18:11.920 +of Tor servers. + +0:18:11.920,0:18:18.920 +And Bob has the public key to identify the service, +and uh he sends + +0:18:22.530,0:18:26.860 +this public key into each of these three introduction +points to the directory server. + +0:18:26.860,0:18:28.740 +Now Alice wants to uh, + +0:18:28.740,0:18:31.610 +connect to Bob, but first the first thing she does + +0:18:31.610,0:18:34.480 +is download this + +0:18:34.480,0:18:38.910 +this list with the introduction points and the uh + +0:18:38.910,0:18:45.910 +public key from the directory server. After that, uh + +0:18:50.120,0:18:54.299 +she choose one of the uh introduction points + +0:18:54.299,0:18:55.930 +and uh, + +0:18:55.930,0:19:02.920 +posts a circle rendesvouz cookie there. 
A piece of +data so uh, she can, uh + +0:19:02.920,0:19:05.480 +identify herself + +0:19:05.480,0:19:06.900 +and uh, she also + +0:19:06.900,0:19:07.860 +gives the introduction point + +0:19:07.860,0:19:14.500 +the address of her random rendesvouz point that +Alice has chosen + +0:19:14.500,0:19:18.550 +so what happens then is uh, Bob notices that uh, + +0:19:18.550,0:19:23.760 +some data has been stored in the introduction point + +0:19:23.760,0:19:28.160 +and Alice and Bob uh, + +0:19:28.160,0:19:31.230 +make a rendesvouz point, and + +0:19:31.230,0:19:34.940 +Bob uses this, this uh + +0:19:34.940,0:19:36.700 +rendesvouz cookie to + +0:19:36.700,0:19:38.180 +actually identify himself on the rendesvouz point + +0:19:38.180,0:19:39.990 +and after that + +0:19:39.990,0:19:46.990 +all the connection of data runs through this rendesvouz point. + +0:19:50.870,0:19:53.180 +uh, if time permits I'll actually uh, + +0:19:53.180,0:19:54.710 +set up a rendesvouz + +0:19:54.710,0:19:55.960 +a hidden service here + +0:19:55.960,0:19:59.120 +so you can actually see how it works + +0:19:59.120,0:20:06.120 +I'll also demonstrate Tor, like I said + +0:20:08.800,0:20:09.770 +uh, there's some legal issues to be uhm + +0:20:09.770,0:20:12.450 +recognized, uh. 
As you can imagine, Tor may be +forbidden in some + +0:20:12.450,0:20:14.880 +countries; especially totalitarian countries + +0:20:14.880,0:20:17.530 +which censor the Internet anyway + +0:20:17.530,0:20:18.719 +and uh, + +0:20:18.719,0:20:21.030 +you may get into trouble for using Tor + +0:20:21.030,0:20:25.580 +practically, anyone knows this + +0:20:25.580,0:20:27.580 +there can be crytpo restrictions + +0:20:27.580,0:20:29.070 +for example Great Britain, the uh + +0:20:29.070,0:20:33.200 +RIPA act, I'm not even sure what it stands for + +0:20:33.200,0:20:36.140 +but basically says that uh, + +0:20:36.140,0:20:37.510 +if the government wants, + +0:20:37.510,0:20:40.410 +then you have to give up your crypto keys + +0:20:40.410,0:20:42.910 +so they can decrypt it later + +0:20:42.910,0:20:47.860 +and uh, yeah, it's not... + +0:20:47.860,0:20:50.010 +and it's actually last week was the first case + +0:20:50.010,0:20:52.890 +when this was actually used in + +0:20:52.890,0:20:56.600 +Great Britain + +0:20:56.600,0:21:00.720 +uh, there can be special laws like in Germany + +0:21:00.720,0:21:03.480 +sort of like a hacker paragraph + +0:21:03.480,0:21:06.990 +just a nickname, it has some cryptic legal name + +0:21:06.990,0:21:07.940 +uh, in reality + +0:21:07.940,0:21:11.090 +and it says that uh + +0:21:11.090,0:21:14.570 +you're liable if you, uh, + +0:21:14.570,0:21:17.360 +if you give people access to tools + +0:21:17.360,0:21:20.020 +that they can use to uh, + +0:21:20.020,0:21:22.270 +well, to do illegal stuff. + +0:21:22.270,0:21:23.630 +More or less. + +0:21:23.630,0:21:27.080 +It's really uh, + +0:21:27.080,0:21:29.080 +not concrete and no one really... + +0:21:29.080,0:21:30.440 +it could uh, + +0:21:30.440,0:21:31.929 +it could + +0:21:31.929,0:21:36.669 +restrict anything. From a map to a + +0:21:36.669,0:21:39.210 +to God know what? Network tools. 
+ +0:21:39.210,0:21:40.880 +and uh + +0:21:40.880,0:21:43.559 +But it was actually, it was actually passed so no one +really knows + +0:21:43.559,0:21:45.510 +what's the, uhm + +0:21:45.510,0:21:46.490 +what's really + +0:21:46.490,0:21:50.260 +restrict by it. So Tor could be restricted + +0:21:50.260,0:21:55.590 +by it, because it could really enable people to do +illegal stuff, + +0:21:55.590,0:21:58.640 +but no one really knows + +0:21:58.640,0:22:00.990 +and uh, the biggest Tor + +0:22:00.990,0:22:02.250 +problems + +0:22:02.250,0:22:07.480 +that, uh + +0:22:07.480,0:22:10.180 +when uh, when it actually gets sent to a Tor network + +0:22:10.180,0:22:13.210 +the uh, the + +0:22:13.210,0:22:14.669 +IP address that + +0:22:14.669,0:22:16.210 +gets sent + +0:22:16.210,0:22:17.220 +well that's what the destination server + +0:22:17.220,0:22:19.090 +actually sees + +0:22:19.090,0:22:21.200 +is one of the exit nodes. + +0:22:21.200,0:22:22.380 +So when, uh + +0:22:22.380,0:22:23.740 +when a client + +0:22:23.740,0:22:26.090 +actually causes trouble, + +0:22:26.090,0:22:26.950 +then the one + +0:22:26.950,0:22:29.790 +that gets into trouble + +0:22:29.790,0:22:32.460 +is the exit nodes provider. And uh, + +0:22:32.460,0:22:33.560 +so stuff that gets done + +0:22:33.560,0:22:38.620 +for torment purpose like sending ransom mails or uh, + +0:22:38.620,0:22:40.480 +distributing illegal stuff + +0:22:40.480,0:22:42.040 +and it, this all happened + +0:22:42.040,0:22:43.500 +and, if you are + +0:22:43.500,0:22:46.460 +unlucky as an exit node operator + +0:22:46.460,0:22:47.109 +your server gets seized or something + +0:22:47.109,0:22:52.059 +and uh, + +0:22:52.059,0:22:55.530 +that's random stuff that can happen + +0:22:55.530,0:22:56.540 +though, uh, + +0:22:56.540,0:22:59.559 +as an exit nodes provider you can get + +0:22:59.559,0:23:03.690 +letters from Law Enforcement entities, and uh + +0:23:03.690,0:23:05.649 +What are you doing there? 
+ +0:23:05.649,0:23:06.830 +Maybe some illegal stuff? + +0:23:06.830,0:23:10.040 +And you have to explain to them that you are + +0:23:10.040,0:23:12.260 +providing Tor server + +0:23:12.260,0:23:13.980 +it wasn't you + +0:23:13.980,0:23:15.120 +and stuff. + +0:23:15.120,0:23:18.020 +For example the FBI + +0:23:18.020,0:23:19.960 +in America + +0:23:19.960,0:23:23.580 +actually knows what you're talking about when you tell them + +0:23:23.580,0:23:24.580 +that you're using Tor... + +0:23:24.580,0:23:26.019 +so, uh + +0:23:26.019,0:23:26.600 +they won't bother. + +0:23:26.600,0:23:28.810 +But in Germany the uh, + +0:23:28.810,0:23:34.830 +Law Enforcement agencies, actually are, so so + +0:23:34.830,0:23:41.440 +depends on what kind of guy you're actually talking to + +0:23:41.440,0:23:47.120 +So what's... what kind of role plays FreeBSD here? + +0:23:47.120,0:23:51.880 +uh, FreeBSD is really well suited as a Tor node, uh + +0:23:51.880,0:23:55.490 +when you're operating the client you just want to use the +network, uh + +0:23:55.490,0:23:57.830 +it doesn't matter what kind of system you use + +0:23:57.830,0:23:59.150 +and it shouldn't matter + +0:23:59.150,0:24:00.830 +There's one of the, uh + +0:24:00.830,0:24:03.130 +like I said earlier one of the design + +0:24:03.130,0:24:05.500 +criteria of Tor + +0:24:05.500,0:24:08.610 +so it doesn't matter if you're using Windows or FreeBSD. + +0:24:08.610,0:24:09.929 +But if you're using the Tor + +0:24:09.929,0:24:14.290 +as actually uh, + +0:24:14.290,0:24:17.320 +the security of other depends on your node + +0:24:17.320,0:24:20.690 +and uh, + +0:24:20.690,0:24:22.950 +when you're operating a node is important to + +0:24:22.950,0:24:25.310 +have Operational Security + +0:24:25.310,0:24:25.980 +and Jails + +0:24:25.980,0:24:27.550 +are really great for this, + +0:24:27.550,0:24:29.980 +so you can run a Tor server in Jail. 
+ +0:24:29.980,0:24:32.950 +It's also Disk and Swap encryption + +0:24:32.950,0:24:38.010 +which is important, especialy the swap encryption. And uh, + +0:24:38.010,0:24:39.390 +there's also audit + +0:24:39.390,0:24:40.740 +and the mac framework + +0:24:40.740,0:24:43.780 +when you want to run your installation + +0:24:43.780,0:24:46.220 +What's also nice, + +0:24:46.220,0:24:46.659 +Tor servers do a lot of public key encryption + +0:24:46.659,0:24:48.440 +and it's pretty slow + +0:24:48.440,0:24:49.480 +so it's great to have + +0:24:49.480,0:24:54.750 +hardware acceleration for this. + +0:24:54.750,0:24:56.160 +And uh, probably the biggest feature: + +0:24:56.160,0:25:03.160 +Well maintained Tor-related ports. + +0:25:04.060,0:25:07.390 +There is the main port, security Tor + +0:25:07.390,0:25:11.370 +Which is a client and server if you want to run + +0:25:11.370,0:25:13.610 +a network node, or just a client. + +0:25:13.610,0:25:15.210 +There's Tor level + +0:25:15.210,0:25:16.450 +and these are really up to date, uhm + +0:25:16.450,0:25:22.830 +Tor development happens really fast + +0:25:22.830,0:25:23.710 +and ports get updated + +0:25:23.710,0:25:30.710 +pretty soon after a release is made. 
+ +0:25:32.050,0:25:39.050 +There's Privoxy, which is an uhm web proxy and uhm, +we'll use it later when we do the demonstration + +0:25:41.320,0:25:44.310 +And there's net management Vidalia which is a +graphical content + +0:25:44.310,0:25:47.200 +also for Windows + +0:25:47.200,0:25:48.260 +and, uhm + +0:25:48.260,0:25:53.929 +there's trans-proxy Tor + +0:25:53.929,0:25:58.650 +which enables you to actually + +0:25:58.650,0:25:59.560 +uhm, well there's some + +0:25:59.560,0:26:02.080 +badly written applications out there + +0:26:02.080,0:26:05.280 +that do stuff that's + +0:26:05.280,0:26:07.510 +that makes it hard for Tor to + +0:26:07.510,0:26:08.860 +run with them + +0:26:08.860,0:26:10.810 +and you can use trans-proxy Tor + +0:26:10.810,0:26:15.510 +to tunnel such connections through the Tor network. + +0:26:15.510,0:26:20.580 +We'll actually talk about them in the next slide. + +0:26:20.580,0:26:24.960 +Yeah. What else do you need to take care of +besides running Tor? + +0:26:24.960,0:26:27.130 +Uh, there's name resolution, uh... + +0:26:27.130,0:26:28.760 +Some applications just + +0:26:28.760,0:26:30.500 +bypass the configured proxy + +0:26:30.500,0:26:34.500 +for example FireFox versions below version 1.5, + +0:26:34.500,0:26:35.700 +which send every data, + +0:26:35.700,0:26:38.320 +all data through the proxy + +0:26:38.320,0:26:38.909 +but not + +0:26:38.909,0:26:40.880 +DNS requests + +0:26:40.880,0:26:44.380 +so they actually result in mistrust + +0:26:44.380,0:26:46.450 +and uh, so yeah + +0:26:46.450,0:26:49.280 +the connection is actually anonymized + +0:26:49.280,0:26:51.080 +but the DNS server + +0:26:51.080,0:26:52.250 +really knows + +0:26:52.250,0:26:53.870 +uh, who you were talking to + +0:26:53.870,0:27:00.870 +and this is really the intention of Tor, but uh, +newer versions actually takes. 
+ +0:27:03.130,0:27:04.240 +Uh, there's the usual + +0:27:04.240,0:27:09.990 +cookies, web-bugs, referrer and stuff, uhm + +0:27:09.990,0:27:11.800 +which uh, + +0:27:11.800,0:27:13.530 +sites can use to check which + +0:27:13.530,0:27:20.530 +websites you're visiting, and it's just the +usual disabling stuff + +0:27:20.549,0:27:23.250 +Privoxy is a great tool to + +0:27:23.250,0:27:28.160 +normalize HTTP traffic. + +0:27:28.160,0:27:30.010 +And it's also great to uhm, well filter off advertising + +0:27:30.010,0:27:36.370 +and stuff. + +0:27:36.370,0:27:38.660 +This should be really obvious + +0:27:38.660,0:27:41.110 +but apparently is not. Uhm, + +0:27:41.110,0:27:43.770 +There's so many people who don't realize + +0:27:43.770,0:27:44.700 +that the last connection + +0:27:44.700,0:27:46.380 +chain is actually unencrypted + +0:27:46.380,0:27:50.900 +if you're using, uh + +0:27:50.900,0:27:53.250 +if you're not using a secure protocol. + +0:27:53.250,0:27:54.100 +So, + +0:27:54.100,0:27:56.440 +people actually uhm, + +0:27:56.440,0:27:59.430 +get their mail through POP3 or something + +0:27:59.430,0:28:04.870 +and the exit nodes can just run desniff and sniff +out all the passwords. + +0:28:04.870,0:28:11.870 +And it's really surprising how many people uh, do this. + +0:28:13.450,0:28:16.700 +So, lesson learned: use secure protocol. + +0:28:16.700,0:28:18.220 +There are also other services that require + +0:28:18.220,0:28:20.630 +registration, for example, + +0:28:20.630,0:28:22.040 +with your e-mail address or + +0:28:22.040,0:28:23.640 +personal + +0:28:23.640,0:28:25.360 +data + +0:28:25.360,0:28:27.590 +and uh, well + +0:28:27.590,0:28:28.620 +if you're using Tor and you + +0:28:28.620,0:28:35.620 +actually log on to one of those services, Tor can help you + +0:28:40.850,0:28:42.440 +So, once I actually demonstrate how + +0:28:42.440,0:28:49.440 +this all works. 
+ +0:29:13.550,0:29:15.520 +Uh, I've installed Tor and + +0:29:15.520,0:29:22.520 +Privoxy on this system + +0:29:24.810,0:29:27.180 +the config files are on the usual places. + +0:29:27.180,0:29:34.180 +And if you read this, this little.. small.. Is this alright? + +0:29:46.950,0:29:50.600 +So there is this Tor I see sample file + +0:29:50.600,0:29:57.600 +which we can use + +0:30:07.020,0:30:08.370 +so this + +0:30:08.370,0:30:10.340 +there's the usual commands and stuff + +0:30:10.340,0:30:11.030 +and this, + +0:30:11.030,0:30:15.720 +much stuff that we don't need for the moment + +0:30:15.720,0:30:19.840 +there's this uh, + +0:30:19.840,0:30:24.220 +SOCKS port and SOCKS listen address information + +0:30:24.220,0:30:31.220 +that's the + +0:30:32.770,0:30:34.659 +tells you where to connect your uh, + +0:30:34.659,0:30:36.679 +your proxy to + +0:30:36.679,0:30:38.200 +so this is the information that we use in Privoxy to + +0:30:38.200,0:30:41.450 +access Tor. + +0:30:41.450,0:30:42.190 +Uhm, + +0:30:42.190,0:30:45.320 +all we have to do to actually use Tor is + +0:30:45.320,0:30:48.970 +copy over the config file. + +0:30:48.970,0:30:55.970 +Start the service + +0:31:04.110,0:31:10.570 +so, it tells us it's running... Now we have to + +0:31:10.570,0:31:12.350 +take a look at Privoxy + +0:31:20.880,0:31:25.120 +There's also lots of stuff that we don't need +right now + +0:31:25.120,0:31:30.360 +What we need is the uh, + +0:31:30.360,0:31:31.740 +we need to tell + +0:31:31.740,0:31:33.809 +Privoxy uh, + +0:31:33.809,0:31:40.809 +where to send connections requests. 
+ +0:31:51.740,0:31:53.659 +Ok, I've actually entered this earlier + +0:31:53.659,0:31:54.860 +uhm, + +0:31:54.860,0:31:58.700 +all it says is uh, + +0:31:58.700,0:32:03.490 +forward all requests to + +0:32:03.490,0:32:10.490 +the uh, SOCKS client + +0:32:13.020,0:32:20.020 +So we just start + +0:32:34.120,0:32:38.870 +Ok, so we all set + +0:32:38.870,0:32:40.480 +Now we can just do + +0:32:40.480,0:32:47.480 +everything with our brother + +0:32:50.790,0:32:52.029 +we all started times + +0:32:52.029,0:32:59.029 +a bit slow on my external drive + +0:33:06.860,0:33:08.070 +okay, uh + +0:33:08.070,0:33:11.470 +proxy settings + +0:33:11.470,0:33:16.140 +we just put in our Privoxy server + +0:33:16.140,0:33:23.140 +which listens on port 3128, hopefully, or does it? +Oh, 8108, that's it. + +0:33:47.360,0:33:49.060 +Ok, so every + +0:33:49.060,0:33:56.060 +connection we want to make should actually be routed +through the Tor network + +0:33:56.820,0:33:58.880 +uhm, this is going to take a little bit, + +0:33:58.880,0:34:01.950 +'cause all the route selection needs to be done + +0:34:01.950,0:34:08.950 +all the public crypto, there's also network latency + +0:34:13.059,0:34:14.539 +Once the connections are actually setup + +0:34:14.539,0:34:17.789 +it's pretty fast, not like this + +0:34:17.789,0:34:21.159 +and it's uh, really dependent upon uh, + +0:34:21.159,0:34:21.419 +which + +0:34:21.419,0:34:23.059 +kind of nodes you get + +0:34:23.059,0:34:26.669 +if you have a node that is running a modem then, + +0:34:26.669,0:34:33.669 +you'll have problem, it's really slow + +0:34:36.099,0:34:42.989 +ok, while waiting + +0:34:42.989,0:34:45.319 +we can actually take a look + +0:34:45.319,0:34:52.319 +at how our hidden service is configured + +0:34:59.699,0:35:03.369 +there's some lines for the Tor config file + +0:35:03.369,0:35:07.439 +the routing services + +0:35:07.439,0:35:14.219 +Ok, so you can see here hidden services here and +hidden service port + 
+0:35:14.219,0:35:19.369 +as I said, the hidden service is identified by a +public key, and uh, if you + +0:35:19.369,0:35:22.159 +uncommand this sutff, + +0:35:22.159,0:35:24.999 +and uh, + +0:35:24.999,0:35:26.619 +we start Tor + +0:35:26.619,0:35:28.249 +quickly + +0:35:28.249,0:35:31.690 +generate a public key and put it into the start tree + +0:35:31.690,0:35:38.690 +and it will, uh, well it actually says to uh, + +0:35:40.659,0:35:47.659 +where this omni address earlier, + +0:35:48.549,0:35:49.539 +we'll just + +0:35:49.539,0:35:56.539 +route every connection through this address to this +local nodes line + +0:36:02.119,0:36:07.199 +This could be the case that uh, + +0:36:07.199,0:36:08.640 +that an exit node + +0:36:08.640,0:36:11.599 +doesn't uh, + +0:36:11.599,0:36:18.599 +allow + +0:36:19.779,0:36:22.900 +Ok, this is typical that when you want to show stuff +it doesn't work + +0:36:22.900,0:36:25.369 +it worked earlier, so uh, it's not the network's fault + +0:36:25.369,0:36:27.619 +let's uh, + +0:36:27.619,0:36:31.609 +back to the hidden services + +0:36:31.609,0:36:38.609 +So we actually need to + +0:36:39.230,0:36:46.230 +change this + +0:36:51.170,0:36:55.099 +The default directory in FreeBSD is bar/db/Tor + +0:36:55.099,0:36:57.909 +and uh, + +0:36:57.909,0:37:03.249 +and when we start Tor it will actually, uh + +0:37:03.249,0:37:07.499 +create the service directory + +0:37:07.499,0:37:11.789 +by itself. It's also a web server listening on port 80 +on localhost + +0:37:11.789,0:37:13.889 +so we can + +0:37:13.889,0:37:20.889 +and hopefully will be able to see it later on + +0:37:45.849,0:37:48.529 +okay, so let's see if + +0:37:48.529,0:37:49.679 +this stuff is already + +0:37:49.679,0:37:56.679 +actually created. + +0:38:02.829,0:38:03.790 +Ok, so you have + +0:38:03.790,0:38:05.069 +two parts in this directory + +0:38:05.069,0:38:11.650 +hostname and private key. 
Private key is uh, + +0:38:11.650,0:38:14.739 +and the hostname is actually what you give to people +if you want to + +0:38:14.739,0:38:21.739 +to publish your service + +0:38:33.319,0:38:36.039 +this is actually less likely to work right now + +0:38:36.039,0:38:40.059 +because it takes some time for Tor to choose these + +0:38:40.059,0:38:41.639 +introduction points, + +0:38:41.639,0:38:44.880 +send all this stuff to directory services + +0:38:44.880,0:38:47.369 +it takes time for directory services to sync up + +0:38:47.369,0:38:54.329 +and actually distribute information to the clients + +0:38:54.329,0:39:00.789 +and when we want to exit the service, we actually put +this address into the uh, + +0:39:00.789,0:39:03.889 +the address line, and uh, + +0:39:03.889,0:39:05.069 +Tor knows how to + +0:39:05.069,0:39:12.069 +deal with this uh, the Onion pop up domain, so uh + +0:39:15.410,0:39:22.410 +this usually actually works. Let's see what's going on here... + +0:39:33.499,0:39:35.049 +Well, like I said + +0:39:35.049,0:39:37.529 +this one will take a while and + +0:39:37.529,0:39:40.450 +what's going on with the other one? I can actually see + +0:39:40.450,0:39:45.039 +But uh, + +0:39:45.039,0:39:47.850 +usually you can just go to one of these server websites + +0:39:47.850,0:39:50.209 +that tell you your IP address, and + +0:39:50.209,0:39:52.899 +Google is a fair example + +0:39:52.899,0:39:56.709 +you can go to Google and Google will get you a + +0:39:56.709,0:40:00.589 +localized web page. 
+ +0:40:00.589,0:40:02.879 +For example, when you are from Germany, and you go to + +0:40:02.879,0:40:04.099 +Google.com, you get a German webpage + +0:40:04.099,0:40:07.379 +and if you're using Tor and you go to Google, + +0:40:07.379,0:40:09.679 +it depends + +0:40:09.679,0:40:10.319 +upon where your exit point is located + +0:40:10.319,0:40:11.859 +for example, + +0:40:11.859,0:40:14.029 +if it is in the Netherlands, + +0:40:14.029,0:40:21.029 +you get a Dutch Google, which is uh, pretty cool. + +0:40:23.329,0:40:25.549 +so uh, + +0:40:25.549,0:40:27.419 +I'll have to take a look later + +0:40:27.419,0:40:28.829 +while I'm working + +0:40:28.829,0:40:35.829 +so let's just, continue for a moment + +0:40:38.569,0:40:41.009 +ok, to summarize, uh + +0:40:41.009,0:40:44.799 +Tor is actually useful if + +0:40:44.799,0:40:51.799 +you want to be hidden on the net. If it actually works. +Not in this case, uh + +0:40:55.519,0:40:59.339 +Tor is usually pretty cool to offer services from anywhere + +0:40:59.339,0:41:00.410 +so theoretically + +0:41:00.410,0:41:02.509 +it should work + +0:41:02.509,0:41:03.549 +I should + +0:41:03.549,0:41:06.049 +publish my hidden services from around here + +0:41:06.049,0:41:10.429 +and anyone in the world that's connected to the Tor network +can actually exit it, access it + +0:41:10.429,0:41:12.169 +and uh + +0:41:12.169,0:41:14.799 +Privoxy is a pretty cool platform for Tor + +0:41:14.799,0:41:18.819 +'cause it's for one, it has very nice + +0:41:18.819,0:41:21.779 +security features like jail + +0:41:21.779,0:41:23.949 +and if you want to run a Tor node + +0:41:23.949,0:41:25.899 +and uh, + +0:41:25.899,0:41:27.949 +tools like Tor are really needed + +0:41:27.949,0:41:28.860 +in our time + +0:41:28.860,0:41:35.860 +this isn't going + +0:41:36.599,0:41:43.599 +to get better any time soon; so uh, we better +create the tools now + +0:41:45.779,0:41:52.779 +to circumvent this + +0:41:52.899,0:41:59.039 +Take a quick look at the uh browser 
again + +0:41:59.039,0:42:00.089 +currently the uh, + +0:42:00.089,0:42:02.660 +connection set up failed + +0:42:02.660,0:42:04.070 +which I can't do anything about right now. + +0:42:04.070,0:42:11.070 +uh, which one? + +0:42:23.089,0:42:25.629 +Oh, that's all me + +0:42:25.629,0:42:27.539 +uhm + +0:42:27.539,0:42:30.249 +it depends upon + +0:42:30.249,0:42:33.140 +you can use any port you like + +0:42:33.140,0:42:34.539 +depend on uh, + +0:42:34.539,0:42:39.279 +what port the nodes use. Nodes can use any port + +0:42:39.279,0:42:42.259 +for example, when I don't want to run nodes + +0:42:42.259,0:42:44.109 +I can put it on pause + +0:42:44.109,0:42:45.679 +port 80 if you want + +0:42:45.679,0:42:47.470 +so anyone who uh + +0:42:47.470,0:42:49.219 +who has uh + +0:42:49.219,0:42:50.979 +HTTP access can actually access my node + +0:42:53.009,0:42:56.529 +so uh + +0:42:56.529,0:43:01.299 +yet in theory uh + +0:43:01.299,0:43:05.959 +you can use any port you like. + +0:43:05.959,0:43:12.009 +So, this isn't going to work. + +0:43:12.009,0:43:13.519 +Maybe I'll just uh, + +0:43:13.519,0:43:20.519 +if anyone is interested, I'll just try again later + +0:43:33.089,0:43:34.680 +That's port 80 + +0:43:34.680,0:43:39.369 +it's a you know, HTTP connection so, + +0:43:39.369,0:43:42.359 +So, are there any questions? + +0:43:42.359,0:43:49.359 +Yes? 
+ +0:44:06.140,0:44:08.689 +Well, usually I use Opera, so + +0:44:08.689,0:44:13.679 +a + +0:44:13.679,0:44:15.659 +I didn't know + +0:44:26.839,0:44:28.970 +Yes, there are about 300 uh, + +0:44:32.879,0:44:35.040 +I think about + +0:44:35.040,0:44:39.759 +300 Tor servers around the world + +0:44:39.759,0:44:43.349 +No, it's uh correct + +0:44:43.349,0:44:47.119 +at the moment there are three directory servers + +0:44:47.119,0:44:49.579 +worldwide + +0:44:49.579,0:44:51.630 +you can recognize them by their public key + +0:44:51.630,0:44:52.909 +and their public keys are + +0:44:52.909,0:44:56.119 +hard coded into the source code at the moment + +0:44:56.119,0:44:58.799 +so, the uh + +0:44:58.799,0:45:01.499 +Tor developers actually run those directory servers + +0:45:01.499,0:45:08.499 +but this is really crypto infrastucture + +0:45:11.729,0:45:12.719 +uhm + +0:45:12.719,0:45:14.729 +Well it's it's hard to say + +0:45:14.729,0:45:16.219 +'cause the question was uh + +0:45:16.219,0:45:21.799 +Were there any estimates on uh, + +0:45:21.799,0:45:26.489 +net usage and other stuff + +0:45:26.489,0:45:31.730 +it's really hard to say because it's an anonymization +network so uh, + +0:45:31.730,0:45:32.999 +you can't say for sure, but there are estimates of +one hundred thousand users around the world + +0:45:32.999,0:45:36.949 +and uh, I'm not sure of the traffic. 
+ +0:45:36.949,0:45:39.219 +I used to run a middleman node, + +0:45:39.219,0:45:40.369 +and in one monthm + +0:45:40.369,0:45:42.699 +it would make + +0:45:42.699,0:45:43.849 +it was on a one hundred megabits + +0:45:43.849,0:45:45.359 +or dedicated line, + +0:45:45.359,0:45:47.249 +and it made about one terabyte of traffic + +0:45:47.249,0:45:49.459 +so it's a lot of traffic + +0:45:49.459,0:45:52.449 +going on + +0:45:52.449,0:45:56.259 +and unfortunately also a lot of filesharing systems + +0:45:56.259,0:45:59.739 +which it doesn't relly make sense 'cause they're slow + +0:45:59.739,0:46:00.570 +so uhm, + +0:46:00.570,0:46:01.609 +Tor is really cool + +0:46:01.609,0:46:03.359 +for web browsing and stuff + +0:46:03.359,0:46:10.359 +but if you really want to move a lot of data it's +not a good tool + +0:46:10.759,0:46:11.479 +ah, any other questions? Doesn't seem to be the case. Ok! diff --git a/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv b/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv new file mode 100644 index 0000000000..e3ff5ee343 --- /dev/null +++ b/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv 
@@ -0,0 +1,943 @@ +0:00:07.329,0:00:13.679 +You're here, Bob, of course. Bob is hot. Bob is very hot. + +0:00:13.679,0:00:14.679 +Welcome to BSD is Dying. + +0:00:14.679,0:00:15.779 +No, it's not dead yet, + +0:00:15.779,0:00:16.529 +we're getting there. + +0:00:16.529,0:00:18.949 +Anybody out here last year? + +0:00:18.949,0:00:24.939 +Okay. I gave a really bad talk on pf, so and I +appreciate Bob coming out and correcting me this year. + +0:00:24.939,0:00:28.550 +Anyways, we should go and get started. + +0:00:28.550,0:00:33.560 +BSD is Dying. + +0:00:33.560,0:00:35.820 +What is BSD? + +0:00:35.820,0:00:40.150 +I think most of us know, BSD is a derivative of UNIX. + +0:00:40.150,0:00:41.630 +Okay, what is UNIX? + +0:00:41.630,0:00:44.300 +UNIX is an + +0:00:44.300,0:00:45.260 +operating system. + +0:00:45.260,0:00:48.000 +What is an operating system? + +0:00:48.000,0:00:53.930 +It runs computers. + +0:00:53.930,0:00:56.610 +But, what is a computer? + +0:00:56.610,0:01:03.610 +It helps users accomplish tasks. What is a user? +A user is somebody biped like + +0:01:07.409,0:01:10.600 +biped that stands up right sort of like me. + +0:01:10.600,0:01:14.280 +Who am I? My name is Jason Dixon. + +0:01:14.280,0:01:18.000 +First and foremost, a SysAdmin. I like to work on networks, + +0:01:18.000,0:01:18.590 +firewalls. I like to tweak. + +0:01:18.590,0:01:21.350 +No. Yes. + +0:01:21.350,0:01:27.630 +I'm a programmer, sort of. I enjoy + +0:01:27.630,0:01:28.960 +Perl, Postgres, + +0:01:28.960,0:01:30.820 +on Apache + +0:01:30.820,0:01:34.150 +servers. I'm a consultant here. I'm an employee + +0:01:34.150,0:01:38.920 +here, and a lover of + +0:01:38.920,0:01:40.150 +BSD. + +0:01:40.150,0:01:42.050 +Why am I here? + +0:01:42.050,0:01:46.970 +That’s the question I've been asking myself all along. + +0:01:46.970,0:01:48.630 +To talk about why BSD is dying. + +0:01:48.630,0:01:52.380 +Sex, and greed. + +0:01:52.380,0:01:59.380 +Someone kick these guys out. 
+ +0:02:00.410,0:02:05.470 +Okay. So again, what is BSD? What is UNIX? +What is an operating system? What is a computer? + +0:02:05.470,0:02:12.470 +Computer is a device that computes, especially a +programmable electronic machine that performs high-speed +mathematical or logical operations or that assembles, +stores, correlates, or + +0:02:13.900,0:02:14.390 +otherwise processes + +0:02:14.390,0:02:15.529 +information. + +0:02:15.529,0:02:19.090 +This is a computer. This is also known as a + +0:02:19.090,0:02:22.459 +computer. This is a really big computer. + +0:02:22.459,0:02:28.309 +This is a fake computer, and sometimes, just can, well, compute + +0:02:28.309,0:02:31.339 +But what does a computer really do? + +0:02:31.339,0:02:33.729 +All right, it helps us write documents, + +0:02:33.729,0:02:40.729 +shopping lists. Sometimes, it can even delete documents. +It helps us work with emails, + +0:02:42.050,0:02:46.749 +surf the Web, movies, + +0:02:46.749,0:02:48.769 +and listen to music. + +0:02:48.769,0:02:50.409 +Oh, and yes, games. + +0:02:50.409,0:02:53.959 +How? How does the computer let us do these + +0:02:53.959,0:02:56.569 +things? Well, it takes the work + +0:02:56.569,0:03:00.179 +and using the computer component, we can translate it +into machine language + +0:03:00.179,0:03:01.489 +that is the foundation + +0:03:01.489,0:03:07.999 +for kernel, libraries, userland applications, +otherwise known as operating system. + +0:03:07.999,0:03:10.659 +like BSD. + +0:03:10.659,0:03:12.619 +What is a kernel? + +0:03:12.619,0:03:16.439 +It's a wonderful thing, it allows + +0:03:16.439,0:03:23.439 +The management and processes of memory, peripheral devices, +and by extension, allows us to do networking, security, + +0:03:23.540,0:03:26.639 +work with disks and file systems, user interfaces, +userland applications, + +0:03:26.639,0:03:33.619 +people can write documents, check email, surf the Web, +watch movies, listen to music, and play games. 
+ +0:03:33.619,0:03:38.209 +and much, much more. + +0:03:38.209,0:03:41.009 +So, in summary, BSD + +0:03:41.009,0:03:44.150 +is a UNIX-derived operating system + +0:03:44.150,0:03:51.150 +enables users to harness the power of a computer to process +information. It uses the kernel to manage processes memory, +and peripheral devices. And by extension, we can perform + +0:03:51.730,0:03:58.149 +networking, enforce security, read from and write to storage +devices, and interface visually to applications like text +editors, mail clients, Web browsers, multimedia players, and + +0:03:58.149,0:04:05.149 +games. + +0:04:05.509,0:04:09.199 +In the beginning, I'm going to try and breeze through this, +people + +0:04:09.199,0:04:10.970 +The Holy + +0:04:10.970,0:04:15.369 +Trinity – MIT, Bell Labs, and GE created +a systems called Multics. + +0:04:15.369,0:04:18.750 +This is a nice flash from the past. + +0:04:18.750,0:04:20.650 +Life was good. + +0:04:20.650,0:04:21.639 +No. No. + +0:04:21.639,0:04:22.849 +Actually, it + +0:04:22.849,0:04:24.970 +wasn’t. The Multics was a commercial + +0:04:24.970,0:04:29.690 +failure. So, a couple of gentlemen like Ken Thompson and +Dennis Ritchie + +0:04:29.690,0:04:34.539 +[xx] support, like to play games. They worked at Bell Labs +and they had this game called + +0:04:34.539,0:04:36.470 +Space Travel, which performed really + +0:04:36.470,0:04:40.500 +really badly. So, what's…actually, I'm sorry + +0:04:40.500,0:04:43.639 +it ran on a PDP-7. + +0:04:43.639,0:04:48.989 +What is an assembly programmer to do when a game +doesn’t work properly on the star board? He moves + +0:04:48.989,0:04:53.240 +it. So, in 1969, Ken Thompson + +0:04:53.240,0:04:53.969 +and + +0:04:53.969,0:04:58.620 +Sorry, came out with the Uniplexed Information + +0:04:58.620,0:05:01.270 +and Computing System. It was capable of supporting + +0:05:01.270,0:05:02.499 +a number of users + +0:05:02.499,0:05:04.189 +up to two. 
+ +0:05:05.239,0:05:07.100 +And by + +0:05:07.100,0:05:11.949 +1970, UNIX was officially known as U-N-I-X + +0:05:11.949,0:05:14.759 +It ran on a PDP1145 + +0:05:14.759,0:05:17.929 +and was capable of text processing + +0:05:17.929,0:05:21.019 +and had utilities like roff and a text editor. + +0:05:21.019,0:05:22.409 +for the purpose of + +0:05:22.409,0:05:24.210 +patents. By + +0:05:24.210,0:05:28.929 +1973, they rewrote UNIX and a programming language called + +0:05:28.929,0:05:33.340 +C which allowed AT&T to make the source code available +to let other + +0:05:33.340,0:05:35.650 +people run it on their systems. + +0:05:35.650,0:05:40.110 +By 1974, a gentleman by the name of Bob Fabry, +who was at the University + +0:05:40.110,0:05:42.079 +of Cal Berkeley in their Computer Science Department + +0:05:42.079,0:05:44.940 +bought a copy of UNIX for $99. + +0:05:44.940,0:05:47.710 +to run their PDP-11. + +0:05:47.710,0:05:52.850 +By 1977, a gentleman named Bill Joy, a graduate + +0:05:52.850,0:05:55.569 +student, distributed the Berkeley Software + +0:05:55.569,0:05:56.979 +Distribution as + +0:05:56.979,0:06:02.590 +1BSD. It was on a tape media that contained the PASCAL + +0:06:02.590,0:06:04.270 +compiler, the ex editor, and + +0:06:04.270,0:06:09.289 +by 1978, it was known as 2BSD with + +0:06:09.289,0:06:10.179 +vi, csh, and the list + +0:06:10.179,0:06:11.549 +goes on. + +0:06:11.549,0:06:17.030 +By 4BSD, we had job control, delivermail, + +0:06:17.030,0:06:21.339 +precursor to sendmail, curses, libraries. 1981, + +0:06:21.339,0:06:24.750 +4.1BSD, this one, we are recorded through VAX + +0:06:24.750,0:06:30.539 +4.1BSD addressed memory performance issues with UNIX on VAX + +0:06:30.539,0:06:34.159 +1983, 4.2BSD uses TCP/IP from BBN, + +0:06:34.159,0:06:36.990 +and also the Berkeley Fast File System from the + +0:06:36.990,0:06:39.219 +gentleman, Kirk McKusick, + +0:06:39.219,0:06:44.100 +who also brought us the original BSD mascot. 
+ +0:06:44.100,0:06:49.280 +In 1986, 4.3BSD introduced performance improvements +over 4.2BSD + +0:06:49.280,0:06:53.299 +By 1988, we had a list called 4.3BSD-Tahoe + +0:06:53.299,0:06:57.180 +originally intended to run on the Power 6/32 +“Tahoe” platform. + +0:06:57.180,0:07:00.160 +That platform actually never came to fruition + +0:07:00.160,0:07:04.280 +but it did allow us to extract some of the +machine-independent + +0:07:04.280,0:07:07.240 +code which allowed it to become portable much later on. + +0:07:07.240,0:07:09.050 +By 1989, there was + +0:07:09.050,0:07:10.810 +Net/1, which separated the networking code + +0:07:10.810,0:07:14.349 +from the AT&T UNIX code + +0:07:14.349,0:07:17.399 +allowing for a permissive BSD license + +0:07:17.399,0:07:20.479 +By 1990, 4.3BSD-Reno + +0:07:20.479,0:07:24.770 +introduced the MACH virtual files, MACH virtual + +0:07:24.770,0:07:27.189 +memory system, Sun-compatible NFS + +0:07:27.189,0:07:30.939 +However, it was known as a real + +0:07:30.939,0:07:34.119 +gamble, hence the Reno moniker. + +0:07:34.119,0:07:36.690 +By 1991, we had + +0:07:36.690,0:07:40.280 +Net/2 where all AT&T code and utilities were +replaced or removed + +0:07:40.280,0:07:44.439 +and ran on the Intel 386 + +0:07:44.439,0:07:47.360 +and it became the basis for the 386BSD + +0:07:47.360,0:07:50.840 +and BSD/386 releases. + +0:07:50.840,0:07:52.870 +A gentleman by the name of Bill Jolitz + +0:07:52.870,0:07:54.880 +behind 386 + +0:07:54.880,0:07:58.169 +BSD release, which eventually became the foundation for + +0:07:58.169,0:07:59.849 +FreeBSD and NetBSD. + +0:07:59.849,0:08:02.250 +And the + +0:08:02.250,0:08:09.250 +BSD3, I'm sorry, the 386BSD, which later on became +BSD/OS by BSDI + +0:08:09.659,0:08:14.599 +Exodus. 
Back in 1992, a wholly own subsidiary of + +0:08:14.599,0:08:18.699 +AT&T called Unix System Laboratories + +0:08:18.699,0:08:20.389 +decided to go after + +0:08:20.389,0:08:22.539 +BSDI for + +0:08:22.539,0:08:25.249 +I'm sorry, + +0:08:25.249,0:08:26.860 +in New + +0:08:26.860,0:08:33.139 +Jersey, as for an injunction against him due to various +what they consider proprietary + +0:08:33.139,0:08:34.650 +code in the + +0:08:34.650,0:08:35.960 +BSD. + +0:08:35.960,0:08:40.200 +This was one of their advertising and again, they used +this as the basis for the + +0:08:40.200,0:08:42.150 +lawsuit. I have + +0:08:42.150,0:08:44.640 +no idea what that’s for. + +0:08:44.640,0:08:47.660 + + +0:08:47.660,0:08:52.440 +Net/2 was basically, I'm sorry + +0:08:52.440,0:08:55.809 +the three BSDIs version of BSD OS is basically Net/2 + +0:08:55.809,0:08:58.239 ++ 6 files that they had version from + +0:08:58.239,0:09:00.540 +Bill Jolitz’s 386 + +0:09:00.540,0:09:05.030 +BSD. The lawsuit was, I'm sorry, the court settlement was + +0:09:05.030,0:09:09.020 +ruled over by a judge who denied the injunction + +0:09:09.020,0:09:11.469 +and asked them to narrow their + +0:09:11.469,0:09:15.650 +complaint to recent California copyrights +and the possibility of the loss of + +0:09:15.650,0:09:19.299 +trade secrets. He also did a really great thing +for BSD is that he hinted, + +0:09:19.299,0:09:21.829 +that…actually by this + +0:09:21.829,0:09:25.770 +point, the lawsuit with California Berkeley had been +also added into the + +0:09:25.770,0:09:29.030 +lawsuit. Well, he gave a hint to bring the case to the state + +0:09:29.030,0:09:30.160 +court. So, + +0:09:30.160,0:09:36.110 +BSD laywers were pretty smart over at Cal and they decided +to make a run over to the state court by the next + +0:09:36.110,0:09:38.690 +Monday to file a countersuit + +0:09:38.690,0:09:39.390 +against USL, + +0:09:39.390,0:09:43.250 +in the state of California. 
+ +0:09:43.250,0:09:46.280 +Soon after USL went up for + +0:09:46.280,0:09:49.070 +sale, and it was bought by Novell + +0:09:49.070,0:09:53.860 +A gentleman, Ray Noorda, the CEO + +0:09:53.860,0:09:58.730 +at Novell, agreed to a settlement at this point because +they understood that there was + +0:09:58.730,0:10:01.060 +no copyright infringement in the + +0:10:01.060,0:10:03.510 +code. So, basically, + +0:10:03.510,0:10:05.850 +the lawsuit was settled out of court + +0:10:05.850,0:10:07.150 +in secret for ten years. + +0:10:07.150,0:10:08.870 +In 2004, + +0:10:11.490,0:10:14.990 +done with the actual settlement + +0:10:14.990,0:10:16.120 +was and really sit. + +0:10:16.120,0:10:17.910 +And, + +0:10:17.910,0:10:19.560 +USL, AT&T and + +0:10:19.560,0:10:20.550 +Novell sort of + +0:10:20.550,0:10:22.190 +was embarrassed, + +0:10:22.190,0:10:27.060 +which ended up resulting in two distinct releases + +0:10:27.060,0:10:32.990 +4.4BSD, there is an encumbered version and had USL license + +0:10:32.990,0:10:37.490 +and AT&T code, and 4.4BSD-Lite, which was completely +unencumbered + +0:10:37.490,0:10:39.460 +and became the + +0:10:39.460,0:10:40.600 +foundation for + +0:10:40.600,0:10:43.470 +a FreeBSD. + +0:10:43.470,0:10:47.500 +NetBSD, I'm sorry, FreeBSD + +0:10:49.150,0:10:55.670 +FreeBSD, people with background, only different BSDs +that came out of 386BSD + +0:10:55.670,0:11:00.900 +It runs on Intel x86, Itanium, AMD64, Alpha, Sun Ultra + +0:11:00.900,0:11:05.149 +SPARC and it gives us the neat features of jail, which +most of us are familiar with, + +0:11:05.149,0:11:07.420 +mandatory access control as MACH + +0:11:07.420,0:11:10.830 +and historically, had a very strong TCP/ + +0:11:10.830,0:11:11.750 +IP and SMP performance. + +0:11:11.750,0:11:16.150 +The original NetBSD, which also came from 386BSD + +0:11:18.680,0:11:22.200 +Over 50 hardware platforms from a single +source tree + +0:11:22.200,0:11:25.520 +and that’s pretty much what it's known for. 
To be honest + +0:11:25.520,0:11:31.790 +I mean, I got to admit I'm an Open BSD guy, I was looking for +a really cool and innovative features in NetBSD and I really + +0:11:31.790,0:11:32.329 +couldn’t find any. + +0:11:32.329,0:11:34.940 +Why am I hanging on this. + +0:11:34.940,0:11:37.160 +Sorry, + +0:11:37.160,0:11:39.650 +I know people are going to… + +0:11:39.650,0:11:46.650 +I know the NetBSD is going to get me…I can +handle two of you. Okay? And this is + +0:11:48.680,0:11:51.490 +a list of the platforms that probably + +0:11:51.490,0:11:53.820 +including a toaster. + +0:11:53.820,0:11:55.000 + + +0:11:55.000,0:11:56.410 +OpenBSD, + +0:11:56.410,0:11:59.179 +this is one of the old logos, this is the new + +0:11:59.179,0:12:03.510 +logo. It was forked from NetBSD 1.0, we won't go +into the history, I know + +0:12:03.510,0:12:08.929 +most people know it, and it's supported by about +16 official platforms + +0:12:08.929,0:12:12.530 +platforms. This is about half of the most popular ones. + +0:12:12.530,0:12:17.570 +And it comes out with a new release every six months, +generally, in May and November + +0:12:17.570,0:12:20.810 +1st, so if you haven’t already, pick a copy, it just came + +0:12:20.810,0:12:24.880 +out of the foil. It's unofficial model is secure by default + +0:12:24.880,0:12:31.880 +only what's needed is running on the default + +0:12:32.750,0:12:35.690 +And, some of their goals + +0:12:35.690,0:12:38.300 +and features - full disclosure, audits, + +0:12:38.300,0:12:43.950 +privsep, privilege separation & revocation, chroot jails, +like FreeBSD, + +0:12:43.950,0:12:48.910 +random values wherever possible. This is probably + +0:12:48.910,0:12:52.180 +the most obvious example. ProPolice + +0:12:52.180,0:12:58.070 +Some other features that they’d given us through +the years – PF, authpf, CARP, fsyncd, + +0:12:58.070,0:13:01.380 +which I think some of these are probably in the + +0:13:01.380,0:13:08.380 +FreeBSD by now. 
DragonFlyBSD was a continuation of +FreeBSD 4.8. Again, + +0:13:08.760,0:13:11.160 +DragonFlyBSD was + +0:13:11.160,0:13:15.640 +FreeBSD 4.8 and was intended to basically + +0:13:15.640,0:13:21.580 +overhaul the SMP features in FreeBSD 6 +and 7,5,6, and 7. + +0:13:21.580,0:13:25.690 +DragonFly is another example. If you look at their goals, +it had some really neat technological stuff. + +0:13:25.690,0:13:28.500 +I can't find any features that really, you + +0:13:28.500,0:13:31.830 +know, mean anything. + +0:13:31.830,0:13:33.130 +Of course, + +0:13:33.130,0:13:36.890 +Tiger is an old I'm sorry, OSX + +0:13:36.890,0:13:43.890 +It started from the Jolitz project, but it's sort of a inbred + +0:13:48.870,0:13:53.800 + + +0:13:53.800,0:13:58.350 + + +0:13:58.350,0:14:04.130 +That is all about, I wanted to cover kind of the present of +where we are right now, some of the myths and truths. + +0:14:04.130,0:14:08.260 +Why is BSD dying? Really, that’s what the title + +0:14:08.260,0:14:11.750 +of the project and topic is. + +0:14:11.750,0:14:16.270 +Well, first, because IDC said so. + +0:14:16.270,0:14:21.480 +Market share for BSD is, right now, all time low, under 1% + +0:14:21.480,0:14:28.480 +And, of course, Netcraft confirms these findings. +Last place in the SysAdmin networking test, so we all + +0:14:29.660,0:14:30.930 +know that word, we're just big losers. + +0:14:30.930,0:14:37.610 +Because open-source projects are giving away free software. +I mean, we can't possibly make + +0:14:37.610,0:14:39.310 +money, so that, obviously, means that + +0:14:39.310,0:14:46.310 +we're dying. And free software is… + +0:14:46.390,0:14:53.390 +We know how to say this, when we came out. +Free software equals terrorism. + +0:14:55.120,0:14:57.910 + + +0:14:57.910,0:15:04.910 +Our inability to adapt. As you can see by this graph + +0:15:09.630,0:15:15.980 +Let's be serious here, people. + +0:15:15.980,0:15:20.520 +We see Windows, I mean, the way people. 
Come on, +they’ve been doing this for a number of what? 15, + +0:15:20.520,0:15:22.180 +20 years. Linux is second. + +0:15:22.180,0:15:24.349 +They actually are showing some. + +0:15:24.349,0:15:29.259 +We presume that someone is doing office by doing + +0:15:29.259,0:15:35.450 +The BSD is only for register, so we've got to work +on that, of course + +0:15:35.450,0:15:37.030 +Loss of talent. Free + +0:15:37.030,0:15:41.410 +BSD has lost 93% of their core developers. + +0:15:41.410,0:15:45.300 +Okay, come on, guys, let's go. + +0:15:45.300,0:15:48.030 +But not all is lost. + +0:15:48.030,0:15:53.600 +Fortunately, a few very small companies still +use BSD in this age. + +0:15:53.600,0:15:56.450 + + +0:15:56.450,0:16:02.590 +I know you probably have heard most of these. + +0:16:02.590,0:16:05.780 +Believe it or not, this is our premier + +0:16:05.780,0:16:12.780 +sponsor, and some other company that didn’t sponsor us + +0:16:16.070,0:16:17.560 + + +0:16:17.560,0:16:20.070 +I should just end right there. + +0:16:20.070,0:16:21.870 + + +0:16:21.870,0:16:28.130 +Seriously, though, the technological challenge that we +have ahead of us. Virtualization, that’s a big deal + +0:16:28.130,0:16:29.529 +as far as the market. + +0:16:29.529,0:16:33.230 +Of course, developers are in the market, so, +if that happens, that + +0:16:33.230,0:16:35.370 +happens. The end is really, really cool. + +0:16:35.370,0:16:40.150 +DRM, is obviously evil, yes, I know, I don’t care about + +0:16:40.150,0:16:41.690 +DRM. Ran out. + +0:16:41.690,0:16:43.980 +Right? + +0:16:43.980,0:16:45.310 +Political challenges + +0:16:45.310,0:16:48.710 +No, this has been hard to admit, but I can't beat + +0:16:48.710,0:16:50.530 +people, blobs, + +0:16:50.530,0:16:52.140 +binary is bad, + +0:16:52.140,0:16:53.140 +don’t do it + +0:16:53.140,0:16:56.180 +just smoke in the same crack + +0:16:56.180,0:16:57.540 + + +0:16:57.540,0:16:59.590 +NDAs + +0:16:59.590,0:17:01.900 +and closed documentation. 
+ +0:17:01.900,0:17:06.460 +How many of us here are actual core developers for +one of the BSDs? + +0:17:06.460,0:17:08.159 +Okay, the rest of us, let's help them + +0:17:08.159,0:17:09.420 +out + +0:17:09.420,0:17:10.120 +okay + +0:17:10.120,0:17:12.000 +get your files with your supplier, + +0:17:12.000,0:17:16.740 +let's get some documentation to these guys. + +0:17:16.740,0:17:18.159 +Because without the + +0:17:18.159,0:17:20.100 +diversity, we'll have + +0:17:20.100,0:17:22.220 +unity + +0:17:22.220,0:17:24.630 +and a common goal. + +0:17:27.420,0:17:30.090 +Thank you. |
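Review bot: several cues in dixon-bsdisdying.sbv have a timestamp but no caption text, for example 0:11:53.820,0:11:55.000, 0:13:48.870,0:13:53.800, 0:13:53.800,0:13:58.350 and 0:14:55.120,0:14:57.910. Either drop these cues or fill in the missing speech, so that players do not render blank captions. The file also sits under en_US.ISO8859-1 but contains typographic characters that ISO 8859-1 cannot encode (the curly apostrophe in "couldn’t" and "haven’t", the "…" ellipsis, and the en dash in "years – PF"). Please replace them with ', ... and - before committing. A proofreading pass would also help. "platforms" is repeated across the cues at 0:12:03.510 and 0:12:08.929, "FreeBSD 6 and 7,5,6, and 7" at 0:13:15.640 looks garbled, "Open BSD" at 0:11:25.520 is spelled "OpenBSD" elsewhere in the file, and "Free" / "BSD" is split across the cues at 0:15:35.450 and 0:15:37.030.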