[guardian-dev] Lavabit, then Silent Mail shuts down

Lee Azzarello lee at guardianproject.info
Sun Aug 11 02:57:59 EDT 2013


Hey Elijah,

We met in SF last fall at the Radical Designz party. You mentioned
Leap then. Thanks for the update on the progress.

Regarding Hans's question, I have to ask another question, I know,
annoying! What does ease look like in the secure hosted services
context? I think one extreme is the containerization model, like
Heroku where command line tools are used to start a virtual operating
system on another host and that host configures itself based on
parameters passed to the command line tool, the output is a URL to
your application running online. The other extreme is a text document
on a web page where the user copies and pastes code to run in a remote
shell on a server they create themselves. There is also a commercial
form of ease common in VPS providers that offer application stacks for
open source software like Drupal and Wordpress. These usually have a
control panel to configures the stack at the click of a button.

I'm somewhere in the middle of all these options, which is to say you
can stand up a SIP server by copying and pasting some bootstrapping
code from a web document[1], then run a Chef cookbook[2] to automate
the stack build. The end goal is to have options for all possible
forms of a dead simple installation (though I don't know what death
has to do with simplicity). It seems like we have four categories

1) What's kindly refered to as the "private cloud" model, which Leap is hitting.
2) The hosted developer service, which Heroku hits (though this
doesn't actually exist yet, Heroku cannot run many types of server
applications)
3) "Old school" roll your own by typing into a shell and reading the
fresh manual.
4) Pay money for someone else to do it for you.

I'm very interested in Leap development. Is the idea to provide a high
level language for systems administration?

Regards,
Lee

On Fri, Aug 9, 2013 at 3:52 PM, Elijah Sparrow <elijah at leap.se> wrote:
> On 08/09/2013 09:05 AM, Hans of Guardian wrote:
>
>> In light of this, this is where the core idea for OStel has unique strength:  OStel should be as easy as possible for anyone to set up, with servers that federate so that people can call each other on different servers.  It would be great to see more dead simple recipes for setting up secure servers for all sorts of federating services like XMPP, email, etc.
>
> Wish granted?: https://leap.se/platform
>
> The LEAP platform is a turn-key system for offering federated
> communication services with high security. Our goal is to take the pain
> out being a sysadmin (but this is not like the freedombox model of
> everyone running their own servers). Our model is untrusted cloud, where
> the provider still has a vital role to play, but everything is client
> encrypted and the provider is untrusted.
>
> LEAP platform provides VPN and email, with XMPP and file sync planned.
> VPN and Email will be ready for alpha release in the coming month, XMPP
> and files next year.
>
> LEAP platform requires a custom client application called "Bitmask". It
> is free software, along with the platform.
>
> Some features include:
>
> * Bitmask encrypted email is easy to use while still being backward
> compatible with the existing OpenPGP protocol for secure email.
>
> * All incoming email is automatically encrypted so only you can read it
> (including meta-data).
>
> * If possible, outgoing email is automatically encrypted so that only
> the recipient can read it (if a valid OpenPGP public key can be
> discovered for the recipient).
>
> * OpenPGP public keys are automatically discovered and validated (we are
> implementing https://leap.se/nicknym in phases, initially we don't have
> it all in place)
>
> * All data storage is encrypted, including local data and cloud backups.
> This encryption always takes place on your device, so the service
> provider cannot read your stored data.
>
> * Your data is always available and synchronized to the devices you
> choose. (see https://leap.se/soledad for notes on our client-encrypted
> synchronized document database).
>
> * Although you specify a username and password to login, your password
> is never communicated to the provider (SRP, not without its own
> limitations).
>
> * If you download the Bitmask application from downloads.leap.se, your
> service provider cannot add a backdoor to compromise your security.
>
> Despite all this, Bitmask has many known limitations.
> https://leap.se/en/docs/design/limitations
>
> For technical details, see our design documentation
> https://leap.se/design or fork our code.
>
> Please don't rush out and try to start your own LEAP service provider or
> download the client just yet. We are in the process of releasing a bevy
> of critical bugfixes. I will send an announcement when we are ready for
> people to kick the tires. However, if you want to pitch in, then please
> have at it https://github.com/leapcode
>
> We are initially working with calyx.net and riseup.net to be early
> adopters of the LEAP platform. If you are also interested in becoming a
> service provider using LEAP, please let me know.
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>
> You are subscribed as: lee at guardianproject.info


More information about the Guardian-dev mailing list