diff --git a/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv b/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv index 1bba30ffdc..f4af5c5cd5 100644 --- a/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv +++ b/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv 
@@ -1,2391 +1,2381 @@ 0:00:09.649,0:00:15.249 Fortunately my slide will be centered, because -I'll have to change resolutions, I think this works out.. +I'll have to change resolutions. I think this works out... 0:00:15.249,0:00:19.310 And, it's about protecting your privacy with FreeBSD and Tor 0:00:19.310,0:00:20.859 and, uh... 0:00:20.859,0:00:21.480 -Privacy +Privacy. 0:00:21.480,0:00:25.859 -what I mean here is mostly anonymity +What I mean here is mostly anonymity 0:00:25.859,0:00:28.889 but there are some other aspects that 0:00:28.889,0:00:34.390 I'll talk about later 0:00:34.390,0:00:36.290 uh, so... 0:00:36.290,0:00:39.500 I want to first talk about who needs anonimity anyway 0:00:39.500,0:00:42.880 -is it just for criminals or some other bad guys, right? +Is it just for criminals or some other bad guys, right? 0:00:42.880,0:00:44.209 -after this +After this 0:00:44.209,0:00:50.940 anonymization concepts, then Tor. Tor's a, well, a tool 0:00:50.940,0:00:52.870 to, uh... 0:00:52.870,0:00:59.320 anonymize you on the Web. Then I'll talk about what FreeBSD can do with it 0:00:59.320,0:01:00.430 and what else 0:01:00.430,0:01:01.980 you have to take care of 0:01:01.980,0:01:06.070 when you want to be anonymous on the Web or the Internet 0:01:06.070,0:01:06.650 -and uh, +And uh, 0:01:06.650,0:01:12.280 if time permits I'd like to do a little demonstration 0:01:12.280,0:01:16.970 Ok, so who needs anonymity anyway? 0:01:16.970,0:01:20.510 Anonymity is a pretty vast 0:01:20.510,0:01:22.030 interest to most people 0:01:22.030,0:01:24.740 but it's really important for 0:01:24.740,0:01:26.400 journalists... 
There was a case in, uh, 0:01:26.400,0:01:28.619 Thailand last year 0:01:28.619,0:01:32.510 when the military coup was going on 0:01:32.510,0:01:38.150 -and the journalists in Thailand couldn't really uh, +and the journalists in Thailand couldn't really uh 0:01:38.150,0:01:39.830 -journalists couldn't really, uh +Journalists couldn't really, uh 0:01:39.830,0:01:43.050 get the information they needed to do their work 0:01:43.050,0:01:45.750 -also, uh, informants +Also, uh, informants 0:01:45.750,0:01:49.100 whistleblowers... people who want to tell you about 0:01:49.100,0:01:52.490 corruption going on in governments and companies 0:01:52.490,0:01:56.460 and don't want to lose their job for it... Dissidents 0:01:56.460,0:01:58.250 -uh, best case +Uh, best case 0:01:58.250,0:02:01.610 when in Myanmar 0:02:01.610,0:02:03.750 last few weeks ago 0:02:03.750,0:02:05.290 -when the +When the 0:02:05.290,0:02:07.649 all the Buddhists monks were going to the streets and uh, 0:02:07.649,0:02:09.879 -the Internet was totally censored +the Internet was heavily censored 0:02:09.879,0:02:14.899 -it was really dangerous to do anything on the Internet +It was really dangerous to do anything on the Internet 0:02:14.899,0:02:17.719 -so, so umm +So, so umm 0:02:17.719,0:02:20.489 socialy sensitive information, like when you want to uh, 0:02:20.489,0:02:23.719 when you were abused 0:02:23.719,0:02:25.769 and want to talk to other people about it 0:02:25.769,0:02:30.039 you don't... 
naturally you don't want other people to know who you are 0:02:30.039,0:02:31.840 as it will be very embarrassing 0:02:31.840,0:02:33.779 -also Law Enforcement, ah +Also Law Enforcement, ah 0:02:33.779,0:02:38.579 for example, uh, when you want to set up a 0:02:38.579,0:02:41.669 an anonymous tipline for crime reporting 0:02:41.669,0:02:45.810 -and uh, also companies that want to, uh +And uh, also companies that want to, uh 0:02:45.810,0:02:48.079 research competition, as one case that, uh 0:02:48.079,0:02:51.029 that a company went to check the, uh 0:02:51.029,0:02:54.339 website competition and they noticed when they used Tor 0:02:54.339,0:02:58.209 that, uh, they were actually getting a different website when they 0:02:58.209,0:03:00.829 uh, were coming from the corporate LAN 0:03:00.829,0:03:04.609 than anyone else was getting, so ah, 0:03:04.609,0:03:07.509 it's a good way to, uh, 0:03:07.509,0:03:11.859 check out... competition like this 0:03:11.859,0:03:13.349 Also military 0:03:13.349,0:03:15.679 actually military was one of the, uh 0:03:15.679,0:03:17.479 original 0:03:17.479,0:03:20.510 driving forces behind the 0:03:20.510,0:03:24.319 anonymization research. 0:03:24.319,0:03:26.169 -and maybe you +And maybe you 0:03:26.169,0:03:28.799 may have heard of the European Union 0:03:28.799,0:03:30.349 Data Retention Directive? 0:03:30.349,0:03:33.039 -where, umm +Where, umm 0:03:33.039,0:03:35.739 collection data gets stored 0:03:35.739,0:03:41.259 six to twenty-four months? 
Depends on the limitation on the different nations 0:03:41.259,0:03:45.069 Two weeks back this was, uh, 0:03:45.069,0:03:47.729 the law was passed in Germany 0:03:47.729,0:03:48.900 -so, uh +So, uh 0:03:48.900,0:03:50.450 from first January on, 0:03:50.450,0:03:52.159 every connection, phone connection, 0:03:52.159,0:03:55.389 SMS, IP connections, 0:03:55.389,0:03:58.480 email, or the dial-in data needs to be stored 0:03:58.480,0:04:00.449 by providers for six months 0:04:00.449,0:04:02.510 -and, uh, +And, uh, 0:04:02.510,0:04:05.379 sooner or later it's going to be in Poland as well 0:04:05.379,0:04:07.689 [talking] 0:04:07.689,0:04:14.689 -well, you're part of the Euro Union now, so ah, welcome! +Well, you're part of the Euro Union now, so ah, welcome! 0:04:16.989,0:04:18.529 -okay, uh +Okay, uh 0:04:18.529,0:04:21.220 that's a 0:04:21.220,0:04:27.110 -maybe you want to hide what interests you have and uh, +Maybe you want to hide what interests you have and uh, who you talk to, I mean uh, 0:04:27.110,0:04:30.889 like all of you know the Internet isn't very 0:04:30.889,0:04:34.199 secure in the first place so your ISP can see who you're talking to 0:04:34.199,0:04:37.780 if they bother to find out 0:04:37.780,0:04:40.709 -yeah, and also +Yeah, and also 0:04:40.709,0:04:46.279 -criminals, but um, they already do illegal stuff and they +criminals, but they already do illegal stuff and they don't care about 0:04:46.279,0:04:51.629 doing more illegal stuff to stay anonymous, right? They can -uh, steal people's identities, they can rent botnets or +steal people's identities, they can rent botnets or create them in the first place 0:04:51.629,0:04:53.829 and uh, 0:04:53.829,0:04:54.689 or just 0:04:54.689,0:04:59.689 crack one of the thousands of Windows computers online, no big deal 0:04:59.689,0:05:02.029 -so, uh +So, uh 0:05:02.029,0:05:05.199 Criminals already do this and uh, 0:05:05.199,0:05:06.360 the normal 0:05:06.360,0:05:13.360 citizens can't do this so... 
0:05:14.680,0:05:16.460 So all the groups that need anonymization are very different, 0:05:16.460,0:05:18.330 but they all have the same goal, and uh 0:05:18.330,0:05:20.619 that's also one of the 0:05:20.619,0:05:22.229 key concepts of 0:05:22.229,0:05:22.919 anonymization 0:05:22.919,0:05:24.090 you can't really 0:05:24.090,0:05:25.930 stay anonymous on your own 0:05:25.930,0:05:28.999 -you needs the help of more people +you need the help of more people 0:05:28.999,0:05:30.559 and uh, 0:05:30.559,0:05:32.680 the more diverse the group that needs 0:05:32.680,0:05:38.539 anonymity, the better 0:05:38.539,0:05:40.979 Ok, so on to talking about two 0:05:40.979,0:05:42.949 anonymization concepts -0:05:42.949,0:05:44.539 -uh huh - 0:05:44.539,0:05:51.539 Proxy? Everyone here probably knows how a proxy works, -uh yeah 0:05:52.559,0:05:53.169 LANs connect to the proxy and request 0:05:53.169,0:05:57.290 a website or whatever and the proxy 0:05:57.290,0:06:00.359 just passes it on and pass through -0:06:00.359,0:06:03.789 -right - -0:06:03.789,0:06:04.680 -um - 0:06:04.680,0:06:09.329 -Proxys are fast and simple but it's a single point of +Proxys are fast and simple but it's really a single point of failure, like uh, 0:06:09.329,0:06:13.139 when law enforcement or anyone else wants to uh, know 0:06:13.139,0:06:15.289 who you're talking to they just 0:06:15.289,0:06:19.759 get a subpoena or 0:06:19.759,0:06:22.440 break into the computer room or whatever 0:06:22.440,0:06:26.400 -it's pretty easy +It's pretty easy 0:06:26.400,0:06:30.050 -Second anonymization concept is mixed, +Second anonymization concept is MIX, 0:06:30.050,0:06:32.549 it's really old from nineteen eighty one 0:06:32.549,0:06:35.099 -so you can see, uh, +So you can see, uh, 0:06:35.099,0:06:41.150 how long the research in this area is going on 0:06:41.150,0:06:43.150 -the mix is kind of similar to a proxy +The MIX is kind of similar to a proxy 0:06:43.150,0:06:47.090 -like, trying to connect to it to send 
the messages +Like, trying to connect to it to send the messages 0:06:47.090,0:06:50.779 -and the mix collects them +and the MIX collects them 0:06:50.779,0:06:54.550 -and no less than um +and coalesces them 0:06:54.550,0:06:56.699 -it puts them all +Like, it puts them all 0:06:56.699,0:06:58.319 -in through different coincides and uhm, +into coming sites and uhm, 0:06:58.319,0:07:00.169 you see here it 0:07:00.169,0:07:03.849 -shuffles them and waits +shuffles them. It waits 0:07:03.849,0:07:08.930 -til there's enough data in it and just +until there's enough data in it and just 0:07:08.930,0:07:11.039 -shoves them and sends them back out so +shuffles them and sends them back out so 0:07:11.039,0:07:18.039 -um, this is to protect against correlation effects. +um, this is to protect against correlation attacks. 0:07:20.219,0:07:22.439 But second in... 0:07:22.439,0:07:23.379 Oh yeah, and 0:07:23.379,0:07:27.879 -when you actually put several mixes uh +when you actually put several MIXes uh 0:07:27.879,0:07:31.259 -behind them; it's a mixed escape and uh, +behind them; it's a MIX cascade and uh, 0:07:31.259,0:07:32.149 between mixes is also 0:07:32.149,0:07:35.330 -a friction going on, uh, the first +encryption going on, uh, the first 0:07:35.330,0:07:38.349 -or the client which is +or the client which 0:07:38.349,0:07:44.069 -you could see here if this lights would be centered, uh, +you could see here if the slides would be centered, uh, 0:07:44.069,0:07:46.029 what else gets the 0:07:46.029,0:07:48.879 public keys of all the mixes 0:07:48.879,0:07:51.160 and encrypts the message first for each of them 0:07:51.160,0:07:54.879 and each mix removes one encryption layer and 0:07:54.879,0:07:59.280 uh, the last one actually passes on the message unencrypted 0:07:59.280,0:08:04.369 and uhm, loop back backwards the same 0:08:04.369,0:08:06.379 So, as you can probably imagine, 0:08:06.379,0:08:11.389 if you wait until you have enough messages, ah, and all public key 
encryption 0:08:11.389,0:08:12.280 is going pretty slow 0:08:14.069,0:08:17.939 and uh, 0:08:17.939,0:08:20.360 this concept is mostly used for 0:08:20.360,0:08:22.419 remailers like 0:08:22.419,0:08:26.359 MixMinion, for example uh 0:08:26.359,0:08:28.800 where it's not really a possib... um 0:08:28.800,0:08:32.610 it's not really important 0:08:32.610,0:08:33.979 if the message is a couple of seconds 0:08:33.979,0:08:36.540 late or something, but it's not really 0:08:36.540,0:08:39.870 great for uh, for 0:08:39.870,0:08:41.830 low latency connections, 0:08:41.830,0:08:44.730 like web routing for example 0:08:44.730,0:08:47.060 but what's good about it it's uh 0:08:47.060,0:08:50.500 -distrinuted trust uh, +distributed trust uh, 0:08:50.500,0:08:54.940 -just one these mixes has to be secure to actually +just one these MIXes has to be secure to actually 0:08:54.940,0:08:56.840 anonymize the whole connection 0:08:56.840,0:08:58.460 so it's slow but it's 0:08:58.460,0:09:05.460 distributed trust, which is good. 0:09:06.230,0:09:09.930 So, I want to introduce Tor 0:09:09.930,0:09:12.320 Tor stands for The Onion Router. 0:09:12.320,0:09:16.340 It's a concept that is actually built on 0:09:16.340,0:09:17.720 both these concepts 0:09:17.720,0:09:21.340 -mixes and proxies. +MIXes and proxies. 
0:09:21.340,0:09:22.770 It's a TCP-Overlay network, 0:09:22.770,0:09:24.900 -means you can, uh +that means you can, uh 0:09:24.900,0:09:25.560 channel any 0:09:25.560,0:09:27.320 TCP connection through it 0:09:27.320,0:09:28.480 theoretically 0:09:28.480,0:09:31.310 -uh, theoretically I will explain +Uh, theoretically I will explain 0:09:31.310,0:09:33.790 a couple of slides later 0:09:33.790,0:09:37.040 -it provides a SOCKS interface so you don't need any uh, +It provides a SOCKS interface so you don't need any uh, 0:09:37.040,0:09:42.060 special application proxies like any application that uses -SOCKS interface can just, +SOCKS interface can just 0:09:42.060,0:09:43.370 -talk to talk +talk to Tor 0:09:43.370,0:09:48.070 and it's available on, um, all major platforms 0:09:48.070,0:09:53.940 -what is uh, especially important is available in Windows +What is uh, especially important it's available in Windows 0:09:53.940,0:09:55.850 -'cause, uhm, like I said earlier once +Because, uhm, like I said earlier once 0:09:55.850,0:09:57.740 you want a really diverse, 0:09:57.740,0:09:59.560 really diverse group of users 0:09:59.560,0:10:05.250 so you actually need uh, 0:10:05.250,0:10:06.860 the normal user 0:10:06.860,0:10:13.150 not just geeks. 0:10:13.150,0:10:15.160 Um, well it aims to uhm 0:10:15.160,0:10:15.939 combine the positive attributes of 0:10:15.939,0:10:17.480 -proxies and mixes +proxies and MIXes 0:10:17.480,0:10:18.749 Like, proxies are fast, but 0:10:18.749,0:10:20.620 seem prone to failure 0:10:20.620,0:10:21.770 -and mixes +and MIXes 0:10:21.770,0:10:24.590 distributed trust, you want to combine them 0:10:24.590,0:10:29.930 so uh 0:10:29.930,0:10:31.310 -Fast, uh, Tor use not only public key +Fast, uh, Tor uses not only public key 0:10:31.310,0:10:33.220 encryption but also session keys 0:10:33.220,0:10:35.170 -symmetrically encrypted. +so it's symmetrically encrypted. 
0:10:35.170,0:10:37.260 -so uh +So uh 0:10:37.260,0:10:41.710 -All the connection set up is this public key so you just, uh +all the connection set up is this public key so you just, uh 0:10:41.710,0:10:44.840 -authentication and stuff? +authentication and stuff 0:10:44.840,0:10:50.860 And uh, the actual communication that's going on later is always symmetrically encrypted 0:10:50.860,0:10:54.170 And uh, so it's also TCP multiplexing 0:10:54.170,0:10:55.850 so you can run 0:10:55.850,0:10:58.520 several TCP connections through one 0:10:58.520,0:11:02.220 virtual Tor connection. 0:11:02.220,0:11:05.610 And the design goals are 0:11:05.610,0:11:06.790 yeah 0:11:06.790,0:11:07.880 deployability 0:11:07.880,0:11:09.770 like dums want the user to actually have 0:11:09.770,0:11:12.680 to patch his PC off the Operating System or something 0:11:12.680,0:11:16.070 -just be in a... workable state really fast +just be in a... workable state really fast. 0:11:16.070,0:11:19.340 -um, usability, +Um, usability, 0:11:19.340,0:11:20.600 so you get the uh, 0:11:20.600,0:11:22.400 normal users 0:11:22.400,0:11:26.850 not just the geeks. Flexibility, uhm 0:11:26.850,0:11:28.310 it's aimed to 0:11:28.310,0:11:29.910 enable more research 0:11:29.910,0:11:32.010 in this whole area. 
0:11:32.010,0:11:33.059 -so, uh +So, uh 0:11:33.059,0:11:34.679 -the protocol to all users +the protocol Tor users 0:11:34.679,0:11:37.890 should be really flexible 0:11:37.890,0:11:42.110 And uh, for simplicity it's a security application and 0:11:42.110,0:11:45.900 well complexity doesn't play well with uh, 0:11:45.900,0:11:52.070 security 0:11:52.070,0:11:53.190 So, this uh, 0:11:53.190,0:11:55.300 it's how Tor works, more or less 0:11:55.300,0:11:58.800 Dave is uh, a directory server, 0:11:58.800,0:12:03.160 it uh, caches information about the network state 0:12:03.160,0:12:08.130 and uh, which Tor servers are available in the network 0:12:08.130,0:12:09.490 and uh 0:12:09.490,0:12:10.930 Alice downloads 0:12:10.930,0:12:14.740 this whole list from Dave 0:12:14.740,0:12:18.940 you see the Tor nodes with the plus here? 0:12:18.940,0:12:21.020 Through this random 0:12:21.020,0:12:22.790 tree of service 0:12:22.790,0:12:23.910 when she wants to talk to Jane 0:12:23.910,0:12:30.380 for example 0:12:30.380,0:12:34.280 -The first one is the entry node, middle LAN nodes, and the -uh exit nodes, I will leave thes for later +The first one is the entry node, middleman nodes, and the +uh exit nodes, I will leave these for later 0:12:34.280,0:12:41.000 uh, so this 0:12:41.000,0:12:43.990 Alice talks to the entry node 0:12:43.990,0:12:47.550 there's a connection that is going on and is public key encrypted 0:12:47.550,0:12:51.330 and they establish a session key and same 0:12:51.330,0:12:53.090 thing goes on 0:12:53.090,0:12:58.520 -in these two and these two so they can communicate later on +between these two and these two so they can communicate +later on 0:12:58.520,0:12:59.780 What's really important here 0:12:59.780,0:13:00.629 is the last connection here 0:13:00.629,0:13:03.090 is actually unencrypted. 
0:13:03.090,0:13:05.240 I will talk about it later 0:13:05.240,0:13:06.610 So it has to be unencrypted 0:13:06.610,0:13:13.610 -so you can get your request through +so you can actually get your request through 0:13:20.690,0:13:22.700 -this is a virtual circuit +This is a virtual circuit 0:13:22.700,0:13:24.490 that gets established and uh 0:13:24.490,0:13:29.190 every, every 0:13:29.190,0:13:31.340 ten minutes 0:13:31.340,0:13:32.450 a new circuit is built 0:13:32.450,0:13:37.250 -when a new website, when a new request come through, so uh +when a new website, when a new request comes through, so uh 0:13:37.250,0:13:40.080 -this one stays, all these connections above stays +this one stays, all these connections above stay 0:13:40.080,0:13:41.940 in this circuit 0:13:41.940,0:13:43.630 and after ten 0:13:43.630,0:13:45.410 when after ten minutes, ah 0:13:45.410,0:13:52.410 Alice wants to talk to Jane, a new circuit is built 0:13:53.610,0:13:55.410 and uh, this is important 0:13:55.410,0:13:56.920 to get strong 0:13:56.920,0:13:57.710 anonymity 0:13:57.710,0:14:00.220 in case one connection is compromised, for example. 0:14:00.220,0:14:01.600 -An these ten minutes +And these ten minutes 0:14:01.600,0:14:04.490 -are really an arbitrary value +are really an arbitrary value, 0:14:04.490,0:14:08.560 -,you can choose anything +you can choose anything 0:14:08.560,0:14:10.660 you have to do the research 0:14:10.660,0:14:11.970 which value is best and so 0:14:11.970,0:14:18.970 ten minutes is compromised. 
0:14:19.840,0:14:22.240 -With all you get exit policies, +With Tor you get exit policies, 0:14:22.240,0:14:24.640 this is important for the exit node 0:14:24.640,0:14:27.880 -the one which actually send the uh, +the one which actually sends the uh, 0:14:27.880,0:14:30.410 original request to the destination server 0:14:30.410,0:14:31.670 and huh 0:14:31.670,0:14:32.839 you can control which 0:14:32.839,0:14:34.220 TCP connections you want 0:14:34.220,0:14:39.180 -to allow from your node if you want +to allow from your own node if you want 0:14:39.180,0:14:41.000 -that's default policy which uh +As default policy which uh 0:14:41.000,0:14:43.610 blocks SMTP and NNTP to prevent uh 0:14:43.610,0:14:48.080 spamming and all stuff 0:14:48.080,0:14:49.060 but you can actually allow 0:14:49.060,0:14:51.970 SMTP if you want 0:14:51.970,0:14:54.070 and there's some other ports blocked 0:14:54.070,0:14:56.170 but the rest of it works so 0:14:56.170,0:14:57.900 HTTP SSH 0:14:57.900,0:15:01.630 all the important stuff 0:15:01.630,0:15:05.250 -that you would want to minimize just works +that you would want to anonymize just works 0:15:05.250,0:15:10.290 and uh, if you uh 0:15:10.290,0:15:13.050 this is important for uh, if you 0:15:13.050,0:15:18.540 -want to run you node, uh +want to run you own node, uh 0:15:18.540,0:15:19.220 waht kind of node you actually want to run 0:15:19.220,0:15:24.120 if you look at the picture, uh earlier 0:15:24.120,0:15:31.120 there's these three different nodes: entry node, -middleman note, and exit node +middleman node, and exit node 0:15:32.400,0:15:34.180 and uh, which node you want to run 0:15:34.180,0:15:36.780 depends on how many problems you want afterwards 0:15:36.780,0:15:39.590 I will talk about it later uh 0:15:39.590,0:15:40.970 this one, 0:15:40.970,0:15:46.950 the exit node actually forwards the uh, requested date, uh 0:15:46.950,0:15:47.700 depends upon what 0:15:47.700,0:15:51.570 what the user actually uh wants, that's 
0:15:51.570,0:15:52.830 if the user uh 0:15:52.830,0:15:58.020 Alice in this case uh 0:15:58.020,0:16:02.080 insults someone out on a web forum, then uh the uh 0:16:02.080,0:16:03.470 administrator of the forum will see the IP address 0:16:03.470,0:16:05.340 of the 0:16:05.340,0:16:11.230 -exit node in his forum and not the one +exit node in his logs and not the one 0:16:11.230,0:16:15.330 of Alice so uh he's going to have the problems later on 0:16:15.330,0:16:18.250 so I will talk about it later 0:16:18.250,0:16:21.600 but you have to keep this in mind 0:16:21.600,0:16:28.600 -and uh, keep up everything and uh we can play the role of -entry nodes and middle man nodes +And uh, keep up everything and uh we can play the role of +entry nodes and middleman nodes 0:16:30.170,0:16:37.170 which is also important 0:16:39.130,0:16:42.930 Special feature of Tor are hidden services 0:16:42.930,0:16:45.850 these are services which can be 0:16:45.850,0:16:46.990 accessed 0:16:46.990,0:16:49.420 -without having an IP address +without having the IP address of them 0:16:49.420,0:16:50.960 so uh 0:16:50.960,0:16:56.300 you can't really find them physically 0:16:56.300,0:16:57.880 -so if you want to run a +So if you want to run a 0:16:57.880,0:16:59.720 hidden service you can do it from anywhere 0:16:59.720,0:17:01.850 -do it from inside this private network here +You can even do it from inside this private network here 0:17:01.850,0:17:05.950 -instead of a service and everyone in the outside world can -actually access it +You can set up a service and everyone in the outside world +can actually access it 0:17:05.950,0:17:07.770 even if you don't have the rights to do 0:17:07.770,0:17:11.330 port forwarding or something 0:17:11.330,0:17:13.580 uh, this is really important to, uh 0:17:13.580,0:17:15.690 resist Denial of Service, for example 0:17:15.690,0:17:20.160 -'cause every uh, +Because every uh, 0:17:20.160,0:17:20.519 every client that wants to 0:17:20.519,0:17:22.829 -access 
the service uh, gets +access the service uh, 0:17:22.829,0:17:25.700 gets a different route in the network 0:17:25.700,0:17:26.529 and uh, it's hard 0:17:26.529,0:17:28.460 to actually uh 0:17:28.460,0:17:31.970 DOS it. And it's also important to 0:17:31.970,0:17:33.610 resist censorship 0:17:33.610,0:17:38.510 And the addresses look like this: 0:17:38.510,0:17:43.280 -it's really a hash of a private key +it's really a hash of a public key 0:17:43.280,0:17:47.340 and each hidden service is actually, well, identified 0:17:47.340,0:17:53.300 by a public key 0:17:53.300,0:17:59.000 -this how it works, uhm, yet Alice the client +This how it works, uhm, yet Alice the client 0:17:59.000,0:18:02.170 and the hidden server, Bob. 0:18:02.170,0:18:04.120 And if Bob wants to, uh, 0:18:04.120,0:18:07.640 wants to set up a service, 0:18:07.640,0:18:08.159 he chooses three introduction points 0:18:08.159,0:18:09.899 out of the whole mass 0:18:09.899,0:18:11.920 of Tor servers. 0:18:11.920,0:18:18.920 And Bob has the public key to identify the service, and uh he sends 0:18:22.530,0:18:26.860 -this public key into each of these three introduction +this public key and the list of three introduction points to the directory server. 0:18:26.860,0:18:28.740 Now Alice wants to uh, 0:18:28.740,0:18:31.610 -connect to Bob, but first the first thing she does +connect to Bob, the first the first thing she does 0:18:31.610,0:18:34.480 is download this 0:18:34.480,0:18:38.910 this list with the introduction points and the uh 0:18:38.910,0:18:45.910 public key from the directory server. After that, uh 0:18:50.120,0:18:54.299 -she choose one of the uh introduction points +she chooses one of the uh introduction points 0:18:54.299,0:18:55.930 and uh, 0:18:55.930,0:19:02.920 posts a circle rendesvouz cookie there. 
A piece of data so uh, she can, uh 0:19:02.920,0:19:05.480 identify herself 0:19:05.480,0:19:06.900 and uh, she also 0:19:06.900,0:19:07.860 gives the introduction point 0:19:07.860,0:19:14.500 the address of her random rendesvouz point that Alice has chosen 0:19:14.500,0:19:18.550 so what happens then is uh, Bob notices that uh, 0:19:18.550,0:19:23.760 some data has been stored in the introduction point 0:19:23.760,0:19:28.160 and Alice and Bob uh, 0:19:28.160,0:19:31.230 make a rendesvouz point, and 0:19:31.230,0:19:34.940 Bob uses this, this uh 0:19:34.940,0:19:36.700 rendesvouz cookie to 0:19:36.700,0:19:38.180 actually identify himself on the rendesvouz point 0:19:38.180,0:19:39.990 and after that 0:19:39.990,0:19:46.990 all the connection of data runs through this rendesvouz point. 0:19:50.870,0:19:53.180 uh, if time permits I'll actually uh, 0:19:53.180,0:19:54.710 set up a rendesvouz 0:19:54.710,0:19:55.960 a hidden service here 0:19:55.960,0:19:59.120 so you can actually see how it works 0:19:59.120,0:20:06.120 I'll also demonstrate Tor, like I said 0:20:08.800,0:20:09.770 uh, there's some legal issues to be uhm 0:20:09.770,0:20:12.450 recognized, uh. As you can imagine, Tor may be forbidden in some 0:20:12.450,0:20:14.880 countries; especially totalitarian countries 0:20:14.880,0:20:17.530 which censor the Internet anyway 0:20:17.530,0:20:18.719 and uh, 0:20:18.719,0:20:21.030 you may get into trouble for using Tor 0:20:21.030,0:20:25.580 practically, anyone knows this 0:20:25.580,0:20:27.580 there can be crytpo restrictions 0:20:27.580,0:20:29.070 for example Great Britain, the uh 0:20:29.070,0:20:33.200 RIPA act, I'm not even sure what it stands for 0:20:33.200,0:20:36.140 but basically says that uh, 0:20:36.140,0:20:37.510 if the government wants, 0:20:37.510,0:20:40.410 then you have to give up your crypto keys 0:20:40.410,0:20:42.910 so they can decrypt it later 0:20:42.910,0:20:47.860 -and uh, yeah, it's not... 
+and uh, yeah, it's not really great 0:20:47.860,0:20:50.010 -and it's actually last week was the first case +and actually last week was the first case 0:20:50.010,0:20:52.890 when this was actually used in 0:20:52.890,0:20:56.600 Great Britain 0:20:56.600,0:21:00.720 -uh, there can be special laws like in Germany +Uh, there can be special laws like in Germany 0:21:00.720,0:21:03.480 sort of like a hacker paragraph 0:21:03.480,0:21:06.990 -just a nickname, it has some cryptic legal name +It's just a nickname, it has some cryptic legal name 0:21:06.990,0:21:07.940 uh, in reality 0:21:07.940,0:21:11.090 and it says that uh 0:21:11.090,0:21:14.570 you're liable if you, uh, 0:21:14.570,0:21:17.360 if you give people access to tools 0:21:17.360,0:21:20.020 that they can use to uh, 0:21:20.020,0:21:22.270 well, to do illegal stuff. 0:21:22.270,0:21:23.630 More or less. 0:21:23.630,0:21:27.080 It's really uh, 0:21:27.080,0:21:29.080 not concrete and no one really... 0:21:29.080,0:21:30.440 it could uh, 0:21:30.440,0:21:31.929 it could 0:21:31.929,0:21:36.669 restrict anything. From a map to a 0:21:36.669,0:21:39.210 -to God know what? Network tools. +to God know what Network tools. 0:21:39.210,0:21:40.880 and uh 0:21:40.880,0:21:43.559 But it was actually, it was actually passed so no one really knows 0:21:43.559,0:21:45.510 what's the, uhm 0:21:45.510,0:21:46.490 what's really 0:21:46.490,0:21:50.260 restrict by it. 
So Tor could be restricted 0:21:50.260,0:21:55.590 by it, because it could really enable people to do illegal stuff, 0:21:55.590,0:21:58.640 but no one really knows 0:21:58.640,0:22:00.990 and uh, the biggest Tor 0:22:00.990,0:22:02.250 -problems +problem is 0:22:02.250,0:22:07.480 that, uh 0:22:07.480,0:22:10.180 when uh, when it actually gets sent to a Tor network 0:22:10.180,0:22:13.210 the uh, the 0:22:13.210,0:22:14.669 IP address that 0:22:14.669,0:22:16.210 gets sent 0:22:16.210,0:22:17.220 well that's what the destination server 0:22:17.220,0:22:19.090 actually sees 0:22:19.090,0:22:21.200 is one of the exit nodes. 0:22:21.200,0:22:22.380 So when, uh 0:22:22.380,0:22:23.740 when a client 0:22:23.740,0:22:26.090 actually causes trouble, 0:22:26.090,0:22:26.950 then the one 0:22:26.950,0:22:29.790 that gets into trouble 0:22:29.790,0:22:32.460 is the exit nodes provider. And uh, 0:22:32.460,0:22:33.560 so stuff that gets done 0:22:33.560,0:22:38.620 for torment purpose like sending ransom mails or uh, 0:22:38.620,0:22:40.480 distributing illegal stuff 0:22:40.480,0:22:42.040 and it, this all happened 0:22:42.040,0:22:43.500 and, if you are 0:22:43.500,0:22:46.460 unlucky as an exit node operator 0:22:46.460,0:22:47.109 your server gets seized or something 0:22:47.109,0:22:52.059 and uh, 0:22:52.059,0:22:55.530 that's random stuff that can happen 0:22:55.530,0:22:56.540 -though, uh, +So uh, 0:22:56.540,0:22:59.559 as an exit nodes provider you can get 0:22:59.559,0:23:03.690 -letters from Law Enforcement entities, and uh +letters from Law Enforcement agencies, and uh 0:23:03.690,0:23:05.649 What are you doing there? 0:23:05.649,0:23:06.830 Maybe some illegal stuff? 0:23:06.830,0:23:10.040 And you have to explain to them that you are 0:23:10.040,0:23:12.260 -providing Tor server +providing Tor server and 0:23:12.260,0:23:13.980 it wasn't you 0:23:13.980,0:23:15.120 and stuff. 
0:23:15.120,0:23:18.020 For example the FBI 0:23:18.020,0:23:19.960 in America 0:23:19.960,0:23:23.580 actually knows what you're talking about when you tell them 0:23:23.580,0:23:24.580 that you're using Tor... 0:23:24.580,0:23:26.019 so, uh 0:23:26.019,0:23:26.600 they won't bother. 0:23:26.600,0:23:28.810 But in Germany the uh, 0:23:28.810,0:23:34.830 Law Enforcement agencies, actually are, so so 0:23:34.830,0:23:41.440 depends on what kind of guy you're actually talking to 0:23:41.440,0:23:47.120 -So what's... what kind of role plays FreeBSD here? +So what's... What kind of role plays FreeBSD here? 0:23:47.120,0:23:51.880 uh, FreeBSD is really well suited as a Tor node, uh 0:23:51.880,0:23:55.490 when you're operating the client you just want to use the network, uh 0:23:55.490,0:23:57.830 it doesn't matter what kind of system you use 0:23:57.830,0:23:59.150 and it shouldn't matter 0:23:59.150,0:24:00.830 -There's one of the, uh +This is one of the, uh 0:24:00.830,0:24:03.130 like I said earlier one of the design 0:24:03.130,0:24:05.500 criteria of Tor 0:24:05.500,0:24:08.610 so it doesn't matter if you're using Windows or FreeBSD. 0:24:08.610,0:24:09.929 But if you're using the Tor 0:24:09.929,0:24:14.290 as actually uh, 0:24:14.290,0:24:17.320 -the security of other depends on your node +the security of others depends on your node 0:24:17.320,0:24:20.690 and uh, 0:24:20.690,0:24:22.950 when you're operating a node is important to 0:24:22.950,0:24:25.310 have Operational Security 0:24:25.310,0:24:25.980 and Jails 0:24:25.980,0:24:27.550 are really great for this, 0:24:27.550,0:24:29.980 so you can run a Tor server in Jail. 0:24:29.980,0:24:32.950 It's also Disk and Swap encryption 0:24:32.950,0:24:38.010 which is important, especialy the swap encryption. 
And uh, 0:24:38.010,0:24:39.390 there's also audit 0:24:39.390,0:24:40.740 -and the mac framework +and the MAC framework 0:24:40.740,0:24:43.780 when you want to run your installation 0:24:43.780,0:24:46.220 What's also nice, 0:24:46.220,0:24:46.659 Tor servers do a lot of public key encryption 0:24:46.659,0:24:48.440 and it's pretty slow 0:24:48.440,0:24:49.480 so it's great to have 0:24:49.480,0:24:54.750 hardware acceleration for this. 0:24:54.750,0:24:56.160 And uh, probably the biggest feature: 0:24:56.160,0:25:03.160 Well maintained Tor-related ports. 0:25:04.060,0:25:07.390 -There is the main port, security Tor +There is the main port, security/Tor 0:25:07.390,0:25:11.370 -Which is a client and server if you want to run +Which is a client and server if you want to run 0:25:11.370,0:25:13.610 a network node, or just a client. 0:25:13.610,0:25:15.210 -There's Tor level +There's tor-devel 0:25:15.210,0:25:16.450 and these are really up to date, uhm 0:25:16.450,0:25:22.830 Tor development happens really fast 0:25:22.830,0:25:23.710 -and ports get updated +and the ports get updated 0:25:23.710,0:25:30.710 pretty soon after a release is made. 
0:25:32.050,0:25:39.050 There's Privoxy, which is an uhm web proxy and uhm, we'll use it later when we do the demonstration 0:25:41.320,0:25:44.310 And there's net management Vidalia which is a -graphical content +graphical frontend 0:25:44.310,0:25:47.200 also for Windows 0:25:47.200,0:25:48.260 and, uhm 0:25:48.260,0:25:53.929 -there's trans-proxy Tor +there's trans-proxy-tor 0:25:53.929,0:25:58.650 which enables you to actually 0:25:58.650,0:25:59.560 uhm, well there's some 0:25:59.560,0:26:02.080 badly written applications out there 0:26:02.080,0:26:05.280 that do stuff that's 0:26:05.280,0:26:07.510 that makes it hard for Tor to 0:26:07.510,0:26:08.860 -run with them +anonymize them 0:26:08.860,0:26:10.810 -and you can use trans-proxy Tor +and you can use trans-proxy-tor 0:26:10.810,0:26:15.510 to tunnel such connections through the Tor network. 0:26:15.510,0:26:20.580 We'll actually talk about them in the next slide. 0:26:20.580,0:26:24.960 Yeah. What else do you need to take care of besides running Tor? 0:26:24.960,0:26:27.130 Uh, there's name resolution, uh... 0:26:27.130,0:26:28.760 Some applications just 0:26:28.760,0:26:30.500 bypass the configured proxy 0:26:30.500,0:26:34.500 -for example FireFox versions below version 1.5, +for example Firefox versions below version 1.5, 0:26:34.500,0:26:35.700 which send every data, 0:26:35.700,0:26:38.320 all data through the proxy 0:26:38.320,0:26:38.909 but not 0:26:38.909,0:26:40.880 DNS requests 0:26:40.880,0:26:44.380 so they actually result in mistrust 0:26:44.380,0:26:46.450 and uh, so yeah 0:26:46.450,0:26:49.280 the connection is actually anonymized 0:26:49.280,0:26:51.080 but the DNS server 0:26:51.080,0:26:52.250 really knows 0:26:52.250,0:26:53.870 uh, who you were talking to 0:26:53.870,0:27:00.870 and this is really the intention of Tor, but uh, newer versions actually takes. 
0:27:03.130,0:27:04.240 Uh, there's the usual 0:27:04.240,0:27:09.990 cookies, web-bugs, referrer and stuff, uhm 0:27:09.990,0:27:11.800 which uh, 0:27:11.800,0:27:13.530 sites can use to check which 0:27:13.530,0:27:20.530 websites you're visiting, and it's just the usual disabling stuff 0:27:20.549,0:27:23.250 Privoxy is a great tool to 0:27:23.250,0:27:28.160 normalize HTTP traffic. 0:27:28.160,0:27:30.010 And it's also great to uhm, well filter off advertising 0:27:30.010,0:27:36.370 and stuff. 0:27:36.370,0:27:38.660 This should be really obvious 0:27:38.660,0:27:41.110 but apparently is not. Uhm, 0:27:41.110,0:27:43.770 There's so many people who don't realize 0:27:43.770,0:27:44.700 that the last connection 0:27:44.700,0:27:46.380 chain is actually unencrypted 0:27:46.380,0:27:50.900 if you're using, uh 0:27:50.900,0:27:53.250 if you're not using a secure protocol. 0:27:53.250,0:27:54.100 So, 0:27:54.100,0:27:56.440 people actually uhm, 0:27:56.440,0:27:59.430 get their mail through POP3 or something 0:27:59.430,0:28:04.870 and the exit nodes can just run desniff and sniff out all the passwords. 0:28:04.870,0:28:11.870 And it's really surprising how many people uh, do this. 0:28:13.450,0:28:16.700 -So, lesson learned: use secure protocol. +So, lesson learned: use secure protocols. 0:28:16.700,0:28:18.220 There are also other services that require 0:28:18.220,0:28:20.630 registration, for example, 0:28:20.630,0:28:22.040 with your e-mail address or 0:28:22.040,0:28:23.640 personal 0:28:23.640,0:28:25.360 data 0:28:25.360,0:28:27.590 and uh, well 0:28:27.590,0:28:28.620 if you're using Tor and you 0:28:28.620,0:28:35.620 actually log on to one of those services, Tor can help you 0:28:40.850,0:28:42.440 So, once I actually demonstrate how 0:28:42.440,0:28:49.440 this all works. 0:29:13.550,0:29:15.520 Uh, I've installed Tor and 0:29:15.520,0:29:22.520 Privoxy on this system 0:29:24.810,0:29:27.180 -the config files are on the usual places. 
+Config files are on the usual places. 0:29:27.180,0:29:34.180 -And if you read this, this little.. small.. Is this alright? +And if you read this, this little... small... +Is this alright? 0:29:46.950,0:29:50.600 -So there is this Tor I see sample file +So there is this torrc sample file 0:29:50.600,0:29:57.600 which we can use 0:30:07.020,0:30:08.370 so this 0:30:08.370,0:30:10.340 there's the usual commands and stuff 0:30:10.340,0:30:11.030 and this, 0:30:11.030,0:30:15.720 much stuff that we don't need for the moment 0:30:15.720,0:30:19.840 there's this uh, 0:30:19.840,0:30:24.220 SOCKS port and SOCKS listen address information 0:30:24.220,0:30:31.220 -that's the +that just 0:30:32.770,0:30:34.659 tells you where to connect your uh, 0:30:34.659,0:30:36.679 your proxy to 0:30:36.679,0:30:38.200 so this is the information that we use in Privoxy to 0:30:38.200,0:30:41.450 access Tor. 0:30:41.450,0:30:42.190 Uhm, 0:30:42.190,0:30:45.320 all we have to do to actually use Tor is 0:30:45.320,0:30:48.970 copy over the config file. 0:30:48.970,0:30:55.970 Start the service 0:31:04.110,0:31:10.570 so, it tells us it's running... Now we have to 0:31:10.570,0:31:12.350 take a look at Privoxy 0:31:20.880,0:31:25.120 There's also lots of stuff that we don't need right now 0:31:25.120,0:31:30.360 What we need is the uh, 0:31:30.360,0:31:31.740 we need to tell 0:31:31.740,0:31:33.809 Privoxy uh, 0:31:33.809,0:31:40.809 -where to send connections requests. +where to send connection requests. 
0:31:51.740,0:31:53.659 Ok, I've actually entered this earlier 0:31:53.659,0:31:54.860 uhm, 0:31:54.860,0:31:58.700 all it says is uh, 0:31:58.700,0:32:03.490 forward all requests to 0:32:03.490,0:32:10.490 the uh, SOCKS client 0:32:13.020,0:32:20.020 So we just start 0:32:34.120,0:32:38.870 -Ok, so we all set +Ok, so we are all set 0:32:38.870,0:32:40.480 Now we can just do 0:32:40.480,0:32:47.480 -everything with our brother +everything with our browser 0:32:50.790,0:32:52.029 -we all started times +Startup time sucks a bit 0:32:52.029,0:32:59.029 -a bit slow on my external drive +because of my external drive 0:33:06.860,0:33:08.070 okay, uh 0:33:08.070,0:33:11.470 proxy settings 0:33:11.470,0:33:16.140 we just put in our Privoxy server 0:33:16.140,0:33:23.140 -which listens on port 3128, hopefully, or does it? +which listens on port 3128, hopefully, or doesn't? Oh, 8108, that's it. 0:33:47.360,0:33:49.060 Ok, so every 0:33:49.060,0:33:56.060 connection we want to make should actually be routed through the Tor network 0:33:56.820,0:33:58.880 uhm, this is going to take a little bit, 0:33:58.880,0:34:01.950 -'cause all the route selection needs to be done +Because all the route selection needs to be done 0:34:01.950,0:34:08.950 all the public crypto, there's also network latency 0:34:13.059,0:34:14.539 Once the connections are actually setup 0:34:14.539,0:34:17.789 it's pretty fast, not like this 0:34:17.789,0:34:21.159 and it's uh, really dependent upon uh, 0:34:21.159,0:34:21.419 which 0:34:21.419,0:34:23.059 kind of nodes you get 0:34:23.059,0:34:26.669 if you have a node that is running a modem then, 0:34:26.669,0:34:33.669 you'll have problem, it's really slow 0:34:36.099,0:34:42.989 -ok, while waiting +Ok, while waiting 0:34:42.989,0:34:45.319 we can actually take a look 0:34:45.319,0:34:52.319 at how our hidden service is configured 0:34:59.699,0:35:03.369 -there's some lines for the Tor config file +There's some lines for the Tor config file 
0:35:03.369,0:35:07.439 the routing services 0:35:07.439,0:35:14.219 Ok, so you can see here hidden services here and hidden service port 0:35:14.219,0:35:19.369 as I said, the hidden service is identified by a public key, and uh, if you 0:35:19.369,0:35:22.159 -uncommand this sutff, +uncomment this sutff, 0:35:22.159,0:35:24.999 and uh, 0:35:24.999,0:35:26.619 we start Tor 0:35:26.619,0:35:28.249 quickly 0:35:28.249,0:35:31.690 generate a public key and put it into the start tree 0:35:31.690,0:35:38.690 and it will, uh, well it actually says to uh, 0:35:40.659,0:35:47.659 where this omni address earlier, 0:35:48.549,0:35:49.539 we'll just 0:35:49.539,0:35:56.539 route every connection through this address to this local nodes line 0:36:02.119,0:36:07.199 This could be the case that uh, 0:36:07.199,0:36:08.640 that an exit node 0:36:08.640,0:36:11.599 doesn't uh, 0:36:11.599,0:36:18.599 -allow +allow DNS 0:36:19.779,0:36:22.900 Ok, this is typical that when you want to show stuff it doesn't work 0:36:22.900,0:36:25.369 -it worked earlier, so uh, it's not the network's fault +It worked earlier, so uh, it's not the network's fault 0:36:25.369,0:36:27.619 let's uh, 0:36:27.619,0:36:31.609 back to the hidden services 0:36:31.609,0:36:38.609 So we actually need to 0:36:39.230,0:36:46.230 change this 0:36:51.170,0:36:55.099 -The default directory in FreeBSD is bar/db/Tor +The default directory in FreeBSD is /var/db/tor 0:36:55.099,0:36:57.909 and uh, 0:36:57.909,0:37:03.249 and when we start Tor it will actually, uh 0:37:03.249,0:37:07.499 create the service directory 0:37:07.499,0:37:11.789 -by itself. It's also a web server listening on port 80 +by itself. It's also a web server listening on port 80 on localhost 0:37:11.789,0:37:13.889 so we can 0:37:13.889,0:37:20.889 and hopefully will be able to see it later on 0:37:45.849,0:37:48.529 -okay, so let's see if +Okay, so let's see if 0:37:48.529,0:37:49.679 this stuff is already 0:37:49.679,0:37:56.679 actually created. 
0:38:02.829,0:38:03.790 Ok, so you have 0:38:03.790,0:38:05.069 two parts in this directory 0:38:05.069,0:38:11.650 hostname and private key. Private key is uh, +self-explanatory 0:38:11.650,0:38:14.739 and the hostname is actually what you give to people if you want to 0:38:14.739,0:38:21.739 to publish your service 0:38:33.319,0:38:36.039 -this is actually less likely to work right now +This is actually less likely to work right now 0:38:36.039,0:38:40.059 because it takes some time for Tor to choose these 0:38:40.059,0:38:41.639 introduction points, 0:38:41.639,0:38:44.880 send all this stuff to directory services 0:38:44.880,0:38:47.369 -it takes time for directory services to sync up +It takes time for directory services to sync up 0:38:47.369,0:38:54.329 and actually distribute information to the clients 0:38:54.329,0:39:00.789 -and when we want to exit the service, we actually put +and when we want to access the service, we actually put this address into the uh, 0:39:00.789,0:39:03.889 the address line, and uh, 0:39:03.889,0:39:05.069 Tor knows how to 0:39:05.069,0:39:12.069 -deal with this uh, the Onion pop up domain, so uh +deal with this uh, the Onion top-level domain, so uh 0:39:15.410,0:39:22.410 this usually actually works. Let's see what's going on here... 0:39:33.499,0:39:35.049 Well, like I said 0:39:35.049,0:39:37.529 this one will take a while and 0:39:37.529,0:39:40.450 what's going on with the other one? I can actually see 0:39:40.450,0:39:45.039 But uh, 0:39:45.039,0:39:47.850 usually you can just go to one of these server websites 0:39:47.850,0:39:50.209 that tell you your IP address, and 0:39:50.209,0:39:52.899 Google is a fair example 0:39:52.899,0:39:56.709 you can go to Google and Google will get you a 0:39:56.709,0:40:00.589 localized web page. 
0:40:00.589,0:40:02.879 For example, when you are from Germany, and you go to 0:40:02.879,0:40:04.099 -Google.com, you get a German webpage +google.com, you get a German webpage 0:40:04.099,0:40:07.379 and if you're using Tor and you go to Google, 0:40:07.379,0:40:09.679 it depends 0:40:09.679,0:40:10.319 upon where your exit point is located 0:40:10.319,0:40:11.859 for example, 0:40:11.859,0:40:14.029 if it is in the Netherlands, 0:40:14.029,0:40:21.029 you get a Dutch Google, which is uh, pretty cool. 0:40:23.329,0:40:25.549 -so uh, +So uh, 0:40:25.549,0:40:27.419 I'll have to take a look later 0:40:27.419,0:40:28.829 while I'm working 0:40:28.829,0:40:35.829 -so let's just, continue for a moment +So let's just, continue for a moment 0:40:38.569,0:40:41.009 -ok, to summarize, uh +Ok, to summarize, uh 0:40:41.009,0:40:44.799 Tor is actually useful if 0:40:44.799,0:40:51.799 you want to be hidden on the net. If it actually works. Not in this case, uh 0:40:55.519,0:40:59.339 Tor is usually pretty cool to offer services from anywhere 0:40:59.339,0:41:00.410 so theoretically 0:41:00.410,0:41:02.509 it should work 0:41:02.509,0:41:03.549 -I should +that I 0:41:03.549,0:41:06.049 -publish my hidden services from around here +publish my hidden service around here 0:41:06.049,0:41:10.429 and anyone in the world that's connected to the Tor network -can actually exit it, access it +can actually access it 0:41:10.429,0:41:12.169 and uh 0:41:12.169,0:41:14.799 -Privoxy is a pretty cool platform for Tor +FreeBSD is a pretty cool platform for Tor 0:41:14.799,0:41:18.819 -'cause it's for one, it has very nice +Because it has very nice 0:41:18.819,0:41:21.779 security features like jail 0:41:21.779,0:41:23.949 and if you want to run a Tor node 0:41:23.949,0:41:25.899 and uh, 0:41:25.899,0:41:27.949 tools like Tor are really needed 0:41:27.949,0:41:28.860 in our time 0:41:28.860,0:41:35.860 this isn't going 0:41:36.599,0:41:43.599 to get better any time soon; so uh, we better 
create the tools now 0:41:45.779,0:41:52.779 to circumvent this 0:41:52.899,0:41:59.039 Take a quick look at the uh browser again 0:41:59.039,0:42:00.089 currently the uh, 0:42:00.089,0:42:02.660 connection set up failed 0:42:02.660,0:42:04.070 which I can't do anything about right now. 0:42:04.070,0:42:11.070 uh, which one? 0:42:23.089,0:42:25.629 Oh, that's all me 0:42:25.629,0:42:27.539 uhm 0:42:27.539,0:42:30.249 it depends upon 0:42:30.249,0:42:33.140 you can use any port you like 0:42:33.140,0:42:34.539 -depend on uh, +It depends on uh, 0:42:34.539,0:42:39.279 what port the nodes use. Nodes can use any port 0:42:39.279,0:42:42.259 for example, when I don't want to run nodes 0:42:42.259,0:42:44.109 I can put it on pause 0:42:44.109,0:42:45.679 port 80 if you want 0:42:45.679,0:42:47.470 so anyone who uh 0:42:47.470,0:42:49.219 who has uh 0:42:49.219,0:42:50.979 HTTP access can actually access my node 0:42:53.009,0:42:56.529 so uh 0:42:56.529,0:43:01.299 -yet in theory uh +In theory uh 0:43:01.299,0:43:05.959 you can use any port you like. 0:43:05.959,0:43:12.009 So, this isn't going to work. 0:43:12.009,0:43:13.519 Maybe I'll just uh, 0:43:13.519,0:43:20.519 if anyone is interested, I'll just try again later 0:43:33.089,0:43:34.680 That's port 80 0:43:34.680,0:43:39.369 it's a you know, HTTP connection so, 0:43:39.369,0:43:42.359 So, are there any questions? 0:43:42.359,0:43:49.359 Yes? 
0:44:06.140,0:44:08.689 Well, usually I use Opera, so -0:44:08.689,0:44:13.679 -a - 0:44:13.679,0:44:15.659 I didn't know 0:44:26.839,0:44:28.970 Yes, there are about 300 uh, 0:44:32.879,0:44:35.040 I think about 0:44:35.040,0:44:39.759 300 Tor servers around the world 0:44:39.759,0:44:43.349 No, it's uh correct 0:44:43.349,0:44:47.119 at the moment there are three directory servers 0:44:47.119,0:44:49.579 worldwide 0:44:49.579,0:44:51.630 you can recognize them by their public key 0:44:51.630,0:44:52.909 and their public keys are 0:44:52.909,0:44:56.119 hard coded into the source code at the moment 0:44:56.119,0:44:58.799 so, the uh 0:44:58.799,0:45:01.499 Tor developers actually run those directory servers 0:45:01.499,0:45:08.499 -but this is really crypto infrastucture +but this is really critical infrastucture 0:45:11.729,0:45:12.719 uhm 0:45:12.719,0:45:14.729 Well it's it's hard to say 0:45:14.729,0:45:16.219 -'cause the question was uh +Because the question was uh 0:45:16.219,0:45:21.799 Were there any estimates on uh, 0:45:21.799,0:45:26.489 net usage and other stuff 0:45:26.489,0:45:31.730 it's really hard to say because it's an anonymization network so uh, 0:45:31.730,0:45:32.999 you can't say for sure, but there are estimates of one hundred thousand users around the world 0:45:32.999,0:45:36.949 and uh, I'm not sure of the traffic. 
0:45:36.949,0:45:39.219 I used to run a middleman node, 0:45:39.219,0:45:40.369 and in one monthm 0:45:40.369,0:45:42.699 it would make 0:45:42.699,0:45:43.849 it was on a one hundred megabits 0:45:43.849,0:45:45.359 or dedicated line, 0:45:45.359,0:45:47.249 and it made about one terabyte of traffic 0:45:47.249,0:45:49.459 so it's a lot of traffic 0:45:49.459,0:45:52.449 going on 0:45:52.449,0:45:56.259 and unfortunately also a lot of filesharing systems 0:45:56.259,0:45:59.739 -which it doesn't relly make sense 'cause they're slow +which it doesn't relly make sense because they're slow 0:45:59.739,0:46:00.570 -so uhm, +So uhm, 0:46:00.570,0:46:01.609 Tor is really cool 0:46:01.609,0:46:03.359 for web browsing and stuff 0:46:03.359,0:46:10.359 but if you really want to move a lot of data it's not a good tool 0:46:10.759,0:46:11.479 -ah, any other questions? Doesn't seem to be the case. Ok! +Ah, any other questions? Doesn't seem to be the case. Ok! diff --git a/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv b/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv index e3ff5ee343..55d933cd40 100644 --- a/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv +++ b/en_US.ISO8859-1/captions/2007/nycbsdcon/dixon-bsdisdying.sbv 
@@ -1,943 +1,947 @@ 0:00:07.329,0:00:13.679 You're here, Bob, of course. Bob is hot. Bob is very hot. 0:00:13.679,0:00:14.679 Welcome to BSD is Dying. 0:00:14.679,0:00:15.779 No, it's not dead yet, 0:00:15.779,0:00:16.529 we're getting there. 0:00:16.529,0:00:18.949 Anybody out here last year? 0:00:18.949,0:00:24.939 -Okay. I gave a really bad talk on pf, so and I +Okay. I gave a really bad talk on pf, and I appreciate Bob coming out and correcting me this year. 0:00:24.939,0:00:28.550 Anyways, we should go and get started. 0:00:28.550,0:00:33.560 BSD is Dying. 0:00:33.560,0:00:35.820 What is BSD? 0:00:35.820,0:00:40.150 I think most of us know, BSD is a derivative of UNIX. 0:00:40.150,0:00:41.630 Okay, what is UNIX? 0:00:41.630,0:00:44.300 UNIX is an 0:00:44.300,0:00:45.260 operating system. 0:00:45.260,0:00:48.000 What is an operating system? 0:00:48.000,0:00:53.930 It runs computers. 0:00:53.930,0:00:56.610 But, what is a computer? 0:00:56.610,0:01:03.610 It helps users accomplish tasks. What is a user? -A user is somebody biped like +A user is somebody biped 0:01:07.409,0:01:10.600 -biped that stands up right sort of like me. +that stands up right sort of like me. 0:01:10.600,0:01:14.280 Who am I? My name is Jason Dixon. 0:01:14.280,0:01:18.000 First and foremost, a SysAdmin. I like to work on networks, 0:01:18.000,0:01:18.590 firewalls. I like to tweak. 0:01:18.590,0:01:21.350 No. Yes. 0:01:21.350,0:01:27.630 I'm a programmer, sort of. I enjoy 0:01:27.630,0:01:28.960 Perl, Postgres, 0:01:28.960,0:01:30.820 on Apache 0:01:30.820,0:01:34.150 servers. I'm a consultant here. I'm an employee 0:01:34.150,0:01:38.920 here, and a lover of 0:01:38.920,0:01:40.150 BSD. 0:01:40.150,0:01:42.050 Why am I here? 0:01:42.050,0:01:46.970 That’s the question I've been asking myself all along. 0:01:46.970,0:01:48.630 To talk about why BSD is dying. 0:01:48.630,0:01:52.380 -Sex, and greed. +Sex and greed. 0:01:52.380,0:01:59.380 Someone kick these guys out. 
0:02:00.410,0:02:05.470 Okay. So again, what is BSD? What is UNIX? What is an operating system? What is a computer? 0:02:05.470,0:02:12.470 Computer is a device that computes, especially a programmable electronic machine that performs high-speed mathematical or logical operations or that assembles, stores, correlates, or 0:02:13.900,0:02:14.390 otherwise processes 0:02:14.390,0:02:15.529 information. 0:02:15.529,0:02:19.090 This is a computer. This is also known as a 0:02:19.090,0:02:22.459 computer. This is a really big computer. 0:02:22.459,0:02:28.309 -This is a fake computer, and sometimes, just can, well, compute +This is a big big computer, and sometimes, +it just can, well, compute 0:02:28.309,0:02:31.339 But what does a computer really do? 0:02:31.339,0:02:33.729 All right, it helps us write documents, 0:02:33.729,0:02:40.729 shopping lists. Sometimes, it can even delete documents. -It helps us work with emails, +It helps us work with email, 0:02:42.050,0:02:46.749 surf the Web, movies, 0:02:46.749,0:02:48.769 and listen to music. 0:02:48.769,0:02:50.409 Oh, and yes, games. 0:02:50.409,0:02:53.959 How? How does the computer let us do these 0:02:53.959,0:02:56.569 things? Well, it takes the work 0:02:56.569,0:03:00.179 and using the computer component, we can translate it into machine language 0:03:00.179,0:03:01.489 that is the foundation 0:03:01.489,0:03:07.999 for kernel, libraries, userland applications, -otherwise known as operating system. +otherwise known as an operating system. 0:03:07.999,0:03:10.659 like BSD. 0:03:10.659,0:03:12.619 What is a kernel? 
0:03:12.619,0:03:16.439 It's a wonderful thing, it allows 0:03:16.439,0:03:23.439 -The management and processes of memory, peripheral devices, +The management of processes memory, peripheral devices, and by extension, allows us to do networking, security, 0:03:23.540,0:03:26.639 work with disks and file systems, user interfaces, -userland applications, +userland applications, like 0:03:26.639,0:03:33.619 people can write documents, check email, surf the Web, watch movies, listen to music, and play games. 0:03:33.619,0:03:38.209 and much, much more. 0:03:38.209,0:03:41.009 So, in summary, BSD 0:03:41.009,0:03:44.150 is a UNIX-derived operating system 0:03:44.150,0:03:51.150 enables users to harness the power of a computer to process information. It uses the kernel to manage processes memory, and peripheral devices. And by extension, we can perform 0:03:51.730,0:03:58.149 networking, enforce security, read from and write to storage devices, and interface visually to applications like text editors, mail clients, Web browsers, multimedia players, and 0:03:58.149,0:04:05.149 games. 0:04:05.509,0:04:09.199 In the beginning, I'm going to try and breeze through this, people 0:04:09.199,0:04:10.970 The Holy 0:04:10.970,0:04:15.369 Trinity – MIT, Bell Labs, and GE created a systems called Multics. 0:04:15.369,0:04:18.750 This is a nice flash from the past. 0:04:18.750,0:04:20.650 Life was good. 0:04:20.650,0:04:21.639 No. No. 0:04:21.639,0:04:22.849 Actually, it 0:04:22.849,0:04:24.970 wasn’t. The Multics was a commercial 0:04:24.970,0:04:29.690 failure. So, a couple of gentlemen like Ken Thompson and -Dennis Ritchie +Dennis Ritchie were not 0:04:29.690,0:04:34.539 -[xx] support, like to play games. They worked at Bell Labs +[xx] support, liked to play games. They worked at Bell Labs and they had this game called 0:04:34.539,0:04:36.470 Space Travel, which performed really 0:04:36.470,0:04:40.500 really badly. 
So, what's…actually, I'm sorry 0:04:40.500,0:04:43.639 it ran on a PDP-7. 0:04:43.639,0:04:48.989 What is an assembly programmer to do when a game -doesn’t work properly on the star board? He moves +doesn’t work properly on the star board? He mauls 0:04:48.989,0:04:53.240 it. So, in 1969, Ken Thompson 0:04:53.240,0:04:53.969 and 0:04:53.969,0:04:58.620 Sorry, came out with the Uniplexed Information 0:04:58.620,0:05:01.270 and Computing System. It was capable of supporting 0:05:01.270,0:05:02.499 a number of users 0:05:02.499,0:05:04.189 up to two. 0:05:05.239,0:05:07.100 And by 0:05:07.100,0:05:11.949 -1970, UNIX was officially known as U-N-I-X +1970, UNIX was officially known as U-N-I-X Unix 0:05:11.949,0:05:14.759 It ran on a PDP1145 0:05:14.759,0:05:17.929 and was capable of text processing 0:05:17.929,0:05:21.019 and had utilities like roff and a text editor. 0:05:21.019,0:05:22.409 for the purpose of 0:05:22.409,0:05:24.210 patents. By 0:05:24.210,0:05:28.929 1973, they rewrote UNIX and a programming language called 0:05:28.929,0:05:33.340 C which allowed AT&T to make the source code available to let other 0:05:33.340,0:05:35.650 people run it on their systems. 0:05:35.650,0:05:40.110 By 1974, a gentleman by the name of Bob Fabry, who was at the University 0:05:40.110,0:05:42.079 of Cal Berkeley in their Computer Science Department 0:05:42.079,0:05:44.940 bought a copy of UNIX for $99. 0:05:44.940,0:05:47.710 to run their PDP-11. 0:05:47.710,0:05:52.850 By 1977, a gentleman named Bill Joy, a graduate 0:05:52.850,0:05:55.569 student, distributed the Berkeley Software 0:05:55.569,0:05:56.979 Distribution as 0:05:56.979,0:06:02.590 1BSD. It was on a tape media that contained the PASCAL 0:06:02.590,0:06:04.270 compiler, the ex editor, and 0:06:04.270,0:06:09.289 by 1978, it was known as 2BSD with 0:06:09.289,0:06:10.179 vi, csh, and the list 0:06:10.179,0:06:11.549 goes on. 
0:06:11.549,0:06:17.030 By 4BSD, we had job control, delivermail, 0:06:17.030,0:06:21.339 precursor to sendmail, curses, libraries. 1981, 0:06:21.339,0:06:24.750 4.1BSD, this one, we are recorded through VAX 0:06:24.750,0:06:30.539 -4.1BSD addressed memory performance issues with UNIX on VAX +addressed a number of memory performance issues with UNIX on VAX 0:06:30.539,0:06:34.159 1983, 4.2BSD uses TCP/IP from BBN, 0:06:34.159,0:06:36.990 and also the Berkeley Fast File System from the 0:06:36.990,0:06:39.219 gentleman, Kirk McKusick, 0:06:39.219,0:06:44.100 -who also brought us the original BSD mascot. +who also brought us the original Beastie today. 0:06:44.100,0:06:49.280 In 1986, 4.3BSD introduced performance improvements over 4.2BSD 0:06:49.280,0:06:53.299 By 1988, we had a list called 4.3BSD-Tahoe 0:06:53.299,0:06:57.180 originally intended to run on the Power 6/32 “Tahoe” platform. 0:06:57.180,0:07:00.160 That platform actually never came to fruition 0:07:00.160,0:07:04.280 -but it did allow us to extract some of the +but it did allow us to abstract some of the machine-independent 0:07:04.280,0:07:07.240 code which allowed it to become portable much later on. 0:07:07.240,0:07:09.050 By 1989, there was 0:07:09.050,0:07:10.810 Net/1, which separated the networking code 0:07:10.810,0:07:14.349 from the AT&T UNIX code 0:07:14.349,0:07:17.399 allowing for a permissive BSD license 0:07:17.399,0:07:20.479 By 1990, 4.3BSD-Reno 0:07:20.479,0:07:24.770 introduced the MACH virtual files, MACH virtual 0:07:24.770,0:07:27.189 memory system, Sun-compatible NFS 0:07:27.189,0:07:30.939 However, it was known as a real 0:07:30.939,0:07:34.119 gamble, hence the Reno moniker. 0:07:34.119,0:07:36.690 By 1991, we had 0:07:36.690,0:07:40.280 Net/2 where all AT&T code and utilities were replaced or removed 0:07:40.280,0:07:44.439 and ran on the Intel 386 0:07:44.439,0:07:47.360 and it became the basis for the 386BSD 0:07:47.360,0:07:50.840 and BSD/386 releases. 
0:07:50.840,0:07:52.870 A gentleman by the name of Bill Jolitz 0:07:52.870,0:07:54.880 behind 386 0:07:54.880,0:07:58.169 BSD release, which eventually became the foundation for 0:07:58.169,0:07:59.849 FreeBSD and NetBSD. 0:07:59.849,0:08:02.250 And the 0:08:02.250,0:08:09.250 BSD3, I'm sorry, the 386BSD, which later on became BSD/OS by BSDI 0:08:09.659,0:08:14.599 -Exodus. Back in 1992, a wholly own subsidiary of +Exodus. Back in 1992, a wholly owned subsidiary of 0:08:14.599,0:08:18.699 AT&T called Unix System Laboratories 0:08:18.699,0:08:20.389 decided to go after 0:08:20.389,0:08:22.539 BSDI for 0:08:22.539,0:08:25.249 I'm sorry, 0:08:25.249,0:08:26.860 in New 0:08:26.860,0:08:33.139 Jersey, as for an injunction against him due to various what they consider proprietary 0:08:33.139,0:08:34.650 code in the 0:08:34.650,0:08:35.960 BSD. 0:08:35.960,0:08:40.200 -This was one of their advertising and again, they used +This was one of their advertising things again, they used this as the basis for the 0:08:40.200,0:08:42.150 lawsuit. I have 0:08:42.150,0:08:44.640 no idea what that’s for. 0:08:44.640,0:08:47.660 0:08:47.660,0:08:52.440 Net/2 was basically, I'm sorry 0:08:52.440,0:08:55.809 the three BSDIs version of BSD OS is basically Net/2 0:08:55.809,0:08:58.239 + 6 files that they had version from 0:08:58.239,0:09:00.540 Bill Jolitz’s 386 0:09:00.540,0:09:05.030 BSD. The lawsuit was, I'm sorry, the court settlement was 0:09:05.030,0:09:09.020 ruled over by a judge who denied the injunction 0:09:09.020,0:09:11.469 and asked them to narrow their 0:09:11.469,0:09:15.650 complaint to recent California copyrights and the possibility of the loss of 0:09:15.650,0:09:19.299 trade secrets. 
He also did a really great thing for BSD is that he hinted, 0:09:19.299,0:09:21.829 that…actually by this 0:09:21.829,0:09:25.770 -point, the lawsuit with California Berkeley had been +point, the University of California Berkeley had been also added into the 0:09:25.770,0:09:29.030 lawsuit. Well, he gave a hint to bring the case to the state 0:09:29.030,0:09:30.160 court. So, 0:09:30.160,0:09:36.110 BSD laywers were pretty smart over at Cal and they decided to make a run over to the state court by the next 0:09:36.110,0:09:38.690 Monday to file a countersuit 0:09:38.690,0:09:39.390 against USL, 0:09:39.390,0:09:43.250 in the state of California. 0:09:43.250,0:09:46.280 Soon after USL went up for 0:09:46.280,0:09:49.070 sale, and it was bought by Novell 0:09:49.070,0:09:53.860 A gentleman, Ray Noorda, the CEO 0:09:53.860,0:09:58.730 at Novell, agreed to a settlement at this point because they understood that there was 0:09:58.730,0:10:01.060 no copyright infringement in the 0:10:01.060,0:10:03.510 code. So, basically, 0:10:03.510,0:10:05.850 the lawsuit was settled out of court 0:10:05.850,0:10:07.150 in secret for ten years. 0:10:07.150,0:10:08.870 -In 2004, +In 2004, a site Groklaw primarily got 0:10:11.490,0:10:14.990 -done with the actual settlement +what the actual settlement 0:10:14.990,0:10:16.120 -was and really sit. +was released. 0:10:16.120,0:10:17.910 -And, +And, well 0:10:17.910,0:10:19.560 USL, AT&T and 0:10:19.560,0:10:20.550 Novell sort of 0:10:20.550,0:10:22.190 was embarrassed, 0:10:22.190,0:10:27.060 which ended up resulting in two distinct releases 0:10:27.060,0:10:32.990 4.4BSD, there is an encumbered version and had USL license 0:10:32.990,0:10:37.490 and AT&T code, and 4.4BSD-Lite, which was completely unencumbered 0:10:37.490,0:10:39.460 and became the 0:10:39.460,0:10:40.600 foundation for 0:10:40.600,0:10:43.470 -a FreeBSD. + FreeBSD. 
0:10:43.470,0:10:47.500 -NetBSD, I'm sorry, FreeBSD +NetBSD, I'm sorry, FreeBSD, it ends right there 0:10:49.150,0:10:55.670 FreeBSD, people with background, only different BSDs that came out of 386BSD 0:10:55.670,0:11:00.900 It runs on Intel x86, Itanium, AMD64, Alpha, Sun Ultra 0:11:00.900,0:11:05.149 SPARC and it gives us the neat features of jail, which most of us are familiar with, 0:11:05.149,0:11:07.420 mandatory access control as MACH 0:11:07.420,0:11:10.830 and historically, had a very strong TCP/ 0:11:10.830,0:11:11.750 IP and SMP performance. 0:11:11.750,0:11:16.150 The original NetBSD, which also came from 386BSD 0:11:18.680,0:11:22.200 Over 50 hardware platforms from a single source tree 0:11:22.200,0:11:25.520 and that’s pretty much what it's known for. To be honest 0:11:25.520,0:11:31.790 I mean, I got to admit I'm an Open BSD guy, I was looking for -a really cool and innovative features in NetBSD and I really +a really cool and innovative features for NetBSD and I really 0:11:31.790,0:11:32.329 couldn’t find any. 0:11:32.329,0:11:34.940 -Why am I hanging on this. +so let them hang their head on this. 0:11:34.940,0:11:37.160 Sorry, 0:11:37.160,0:11:39.650 I know people are going to… 0:11:39.650,0:11:46.650 -I know the NetBSD is going to get me…I can +I know the NetBSDers is going to jump me…I can handle two of you. Okay? And this is 0:11:48.680,0:11:51.490 -a list of the platforms that probably +a list of the hardware platforms that currently supported on 0:11:51.490,0:11:53.820 including a toaster. + 0:11:53.820,0:11:55.000 0:11:55.000,0:11:56.410 OpenBSD, 0:11:56.410,0:11:59.179 this is one of the old logos, this is the new 0:11:59.179,0:12:03.510 logo. It was forked from NetBSD 1.0, we won't go into the history, I know 0:12:03.510,0:12:08.929 most people know it, and it's supported by about 16 official platforms 0:12:08.929,0:12:12.530 platforms. This is about half of the most popular ones. 
0:12:12.530,0:12:17.570 And it comes out with a new release every six months, generally, in May and November 0:12:17.570,0:12:20.810 -1st, so if you haven’t already, pick a copy, it just came +1st, so if you haven’t already, pick a copy, that just came 0:12:20.810,0:12:24.880 out of the foil. It's unofficial model is secure by default 0:12:24.880,0:12:31.880 only what's needed is running on the default 0:12:32.750,0:12:35.690 And, some of their goals 0:12:35.690,0:12:38.300 and features - full disclosure, audits, 0:12:38.300,0:12:43.950 privsep, privilege separation & revocation, chroot jails, like FreeBSD, 0:12:43.950,0:12:48.910 random values wherever possible. This is probably 0:12:48.910,0:12:52.180 the most obvious example. ProPolice 0:12:52.180,0:12:58.070 Some other features that they’d given us through -the years – PF, authpf, CARP, fsyncd, +the years – PF, authpf, CARP, pfsyncd, 0:12:58.070,0:13:01.380 which I think some of these are probably in the 0:13:01.380,0:13:08.380 FreeBSD by now. DragonFlyBSD was a continuation of FreeBSD 4.8. Again, 0:13:08.760,0:13:11.160 DragonFlyBSD was 0:13:11.160,0:13:15.640 -FreeBSD 4.8 and was intended to basically +forked with FreeBSD 4.8 and was intended to basically 0:13:15.640,0:13:21.580 overhaul the SMP features in FreeBSD 6 -and 7,5,6, and 7. +and 7..5,6, and 7. 0:13:21.580,0:13:25.690 DragonFly is another example. If you look at their goals, it had some really neat technological stuff. 0:13:25.690,0:13:28.500 I can't find any features that really, you 0:13:28.500,0:13:31.830 know, mean anything. 
0:13:31.830,0:13:33.130 Of course, 0:13:33.130,0:13:36.890 Tiger is an old I'm sorry, OSX 0:13:36.890,0:13:43.890 -It started from the Jolitz project, but it's sort of a inbred +It started from the Jolitz project, but it's sort of an inbred 0:13:48.870,0:13:53.800 - +and then various others spearBSD, ecoBSD 0:13:53.800,0:13:58.350 - +and other minor BSDs 0:13:58.350,0:14:04.130 That is all about, I wanted to cover kind of the present of where we are right now, some of the myths and truths. 0:14:04.130,0:14:08.260 Why is BSD dying? Really, that’s what the title 0:14:08.260,0:14:11.750 of the project and topic is. 0:14:11.750,0:14:16.270 Well, first, because IDC said so. 0:14:16.270,0:14:21.480 -Market share for BSD is, right now, all time low, under 1% +Market share for BSD is, right now, at an all time low, under 1% 0:14:21.480,0:14:28.480 And, of course, Netcraft confirms these findings. Last place in the SysAdmin networking test, so we all 0:14:29.660,0:14:30.930 know that word, we're just big losers. 0:14:30.930,0:14:37.610 Because open-source projects are giving away free software. I mean, we can't possibly make 0:14:37.610,0:14:39.310 money, so that, obviously, means that 0:14:39.310,0:14:46.310 -we're dying. And free software is… +we're dying. And free software is terrible 0:14:46.390,0:14:53.390 -We know how to say this, when we came out. -Free software equals terrorism. +We know the insane let me get out. +Free software equals terrism. 0:14:55.120,0:14:57.910 0:14:57.910,0:15:04.910 -Our inability to adapt. As you can see by this graph +Our inability to adapt. As you can see by this graph 0:15:09.630,0:15:15.980 Let's be serious here, people. +As per FreeBSD network pages per hour search 0:15:15.980,0:15:20.520 -We see Windows, I mean, the way people. Come on, -they’ve been doing this for a number of what? 15, +We see Windows, obviously I mean, they are way ahead people. +Come on, they’ve been doing this for a number of what? 
15, 0:15:20.520,0:15:22.180 20 years. Linux is second. 0:15:22.180,0:15:24.349 They actually are showing some. 0:15:24.349,0:15:29.259 -We presume that someone is doing office by doing +We presume that someone is doing authentication +by reading user pages 0:15:29.259,0:15:35.450 The BSD is only for register, so we've got to work on that, of course 0:15:35.450,0:15:37.030 -Loss of talent. Free +Loss of talent. 0:15:37.030,0:15:41.410 -BSD has lost 93% of their core developers. +FreeBSD has lost 93% of their core developers. 0:15:41.410,0:15:45.300 Okay, come on, guys, let's go. 0:15:45.300,0:15:48.030 But not all is lost. 0:15:48.030,0:15:53.600 Fortunately, a few very small companies still use BSD in this age. 0:15:53.600,0:15:56.450 0:15:56.450,0:16:02.590 I know you probably have heard most of these. 0:16:02.590,0:16:05.780 Believe it or not, this is our premier 0:16:05.780,0:16:12.780 sponsor, and some other company that didn’t sponsor us 0:16:16.070,0:16:17.560 - 0:16:17.560,0:16:20.070 I should just end right there. 0:16:20.070,0:16:21.870 - +because we're the nearest to them 0:16:21.870,0:16:28.130 Seriously, though, the technological challenge that we have ahead of us. Virtualization, that’s a big deal 0:16:28.130,0:16:29.529 as far as the market. 0:16:29.529,0:16:33.230 Of course, developers are in the market, so, if that happens, that 0:16:33.230,0:16:35.370 -happens. The end is really, really cool. +happens. Although the end is really, really cool. 0:16:35.370,0:16:40.150 DRM, is obviously evil, yes, I know, I don’t care about 0:16:40.150,0:16:41.690 -DRM. Ran out. +DRM. Run Dell. 0:16:41.690,0:16:43.980 Right? 0:16:43.980,0:16:45.310 Political challenges 0:16:45.310,0:16:48.710 -No, this has been hard to admit, but I can't beat +Now, this has been hard to entertain, +but I can't read this out in front of 0:16:48.710,0:16:50.530 -people, blobs, +people. 
Blobs, 0:16:50.530,0:16:52.140 binary is bad, 0:16:52.140,0:16:53.140 don’t do it 0:16:53.140,0:16:56.180 -just smoke in the same crack +just smoke in the same crap 0:16:56.180,0:16:57.540 - +when it says 0:16:57.540,0:16:59.590 NDAs 0:16:59.590,0:17:01.900 and closed documentation. 0:17:01.900,0:17:06.460 How many of us here are actual core developers for one of the BSDs? 0:17:06.460,0:17:08.159 Okay, the rest of us, let's help them 0:17:08.159,0:17:09.420 out 0:17:09.420,0:17:10.120 okay 0:17:10.120,0:17:12.000 -get your files with your supplier, +get in touch with your supplier, 0:17:12.000,0:17:16.740 let's get some documentation to these guys. 0:17:16.740,0:17:18.159 Because without the 0:17:18.159,0:17:20.100 -diversity, we'll have +diversity, we have 0:17:20.100,0:17:22.220 unity 0:17:22.220,0:17:24.630 and a common goal. 0:17:27.420,0:17:30.090 Thank you.
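Review bot: at cue 0:14:46.390 the added line "Free software equals terrism." misspells "terrorism", which the removed line had right, and the line added with it ("We know the insane let me get out.") is harder to follow than the text it replaces; both should be re-checked against the audio. Other added lines carry smaller slips that are worth fixing in the same pass: "and 7..5,6, and 7." at 0:13:15.640 gains a doubled period, " FreeBSD." at 0:10:40.600 begins with a stray space, "I know the NetBSDers is going to jump me" at 0:11:39.650 has a subject and verb that disagree, and "a really cool and innovative features for NetBSD" at 0:11:25.520 keeps the article "a" before a plural. At 0:12:52.180 "pfsyncd" is closer than "fsyncd", but please confirm whether the speaker means pfsync, which is the OpenBSD name I know for this feature.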