diff options
Diffstat (limited to 'pages/about-us')
32 files changed, 1087 insertions, 0 deletions
diff --git a/pages/about-us/contact/en.haml b/pages/about-us/contact/en.haml new file mode 100644 index 0000000..fdf9a9b --- /dev/null +++ b/pages/about-us/contact/en.haml @@ -0,0 +1,34 @@ +- @title = 'Contact Us' + +%h3 IRC + +Probably the fastest and most reliable way to contact anyone involved with LEAP. Don't despair if you don't get a reply right away, we are all in different time zones and we all are able to read the scrollback history, so someone will reply eventually. + +.well + \#leap on freenode.net + +%h3 Email + +Email is pretty good too. + +.well + info@leap.se + +%h3 Postal Address + +It may take us a very long time to respond to postal mail. + +.well + PO Box 4422 + %br + Seattle, WA 98194 USA + +%h3 Phone (Voice Mail) + +Leave us a message, bonus points if you sing your message. + +.well + +1 (206) 420-6613 + + + diff --git a/pages/about-us/donate/en.haml b/pages/about-us/donate/en.haml new file mode 100644 index 0000000..e1e5976 --- /dev/null +++ b/pages/about-us/donate/en.haml @@ -0,0 +1,61 @@ +- @title = 'Donate' + +%p LEAP depends on donations and grants to keep doing the work we do. Please donate today if you value secure communication that is easy for both the end-user and the service provider. + +%p LEAP is a non-profit incorporated in Washington State, USA. However, you contributions are not tax deductable. + +%h3 By Mail + +%pre + LEAP Encryption Access Project + PO Box 4422 + Seattle, WA 98194-0422 USA + +%h3 Bitcoin + +%p Send bitcoins to this address: <code>127hMYMQj2Rc6zcDjnA1yerUNts3iM2sC8</code>. + +%h3 Paypal + +:plain + Recurring Donation<br> + <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top" style="margin:0"> + <input type="hidden" name="cmd" value="_xclick-subscriptions"> + <input type="hidden" name="t3" value="M"> + <input type="hidden" name="src" value="1"> + <input type="hidden" name="sra" value="1"> + <input type="hidden" name="no_note" value="1"> + <input type="hidden" name="modify" value="1"> + <input type="hidden" name="business" value="JPSDB662ZEMJY"> + <input type="hidden" name="item_name" value="LEAP donation"> + <div class="donation"> + <select name="currency_code" style="width: 8em"> + <option value="USD">USD $</option> + <option value="CAD">CAD $</option> + <option value="GBP">GBP £</option> + <option value="EUR">EUR €</option> + </select> + <input type="input" name="a3" value="10" size="6" style="width: 8em"> + <select name="p3" style="width: 8em"> + <option value="1">Monthly</option> + <option value="3">Quarterly</option> + </select> + <input type="submit" name="submit" value="Subscribe"> + </div> + </form> + One Time Donation<br> + <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top"> + <input type="hidden" name="cmd" value="_donations"> + <input type="hidden" name="item_name" value="LEAP donation"> + <input type="hidden" name="business" value="JPSDB662ZEMJY"> + <div class="donation"> + <select name="currency_code" style="width: 8em"> + <option value="USD">USD $</option> + <option value="CAD">CAD $</option> + <option value="GBP">GBP £</option> + <option value="EUR">EUR €</option> + </select> + <input type="input" name="amount" value="25" size="6" style="width: 8em"> + <input type="submit" name="submit" value="Donate"> + </div> + </form> diff --git a/pages/about-us/en.md b/pages/about-us/en.md new file mode 100644 index 0000000..df74258 --- /dev/null +++ b/pages/about-us/en.md @@ -0,0 +1,20 @@ +@title = 'About Us' +@toc = false + +LEAP is a dedicated to giving all internet users access to secure communication. Our focus is on adapting encryption technology to make it easy to use and widely available. Like free speech, the right to whisper is an necessary precondition for a free society. Without it, civil society and political freedom become impossible. As the importance of digital communication for civic participation increases, so does the importance of the ability to digitally whisper. LEAP is devoted to making the ability to whisper available to all internet users. + +LEAP is a non-profit organization registered in the state of Washington, USA. THe people who create LEAP live around the world, including: Bahía Blanca (Argentina), Berlin (Germany), Hamburg (Germany), La Paz (Bolivia), London (UK), Madrid (Spain), Montreal (Quebec, Canada), New York City (NY, USA), Paris (France), Seattle (WA, USA), São Paulo (Brazil), Santiago (Chile). + +# About LEAP technology + +LEAP's approach is unique: we are making it possible for any service provider to easily deploy secure services and for people to use these services without needing to learn new software or change their behavior. These services are based on open, federated standards, but done right: the provider does not have access to the user's data, and we use open protocols in the most secure way possible. + +On the server side we have created the LEAP Platform, a "provider in a box" set of complementary packages and server recipes automated to lower the barriers of entry for aspiring secure service providers. On the client side, we have created a cross-platform application called Bitmask that automatically configures itself once a user has selected a provider and which services to enable. Bitmask provides a local proxy that a standard email client can connect to, and allows for easy one-click Virtual Private Network (VPN) service. + +Email continues to be a vital communication tool, but is difficult to use securely. Unfortunately, when people to use secure email they often use it in ways that compromise their confidentiality and the confidentiality of the people they communicate with. Even worse, current technology for secure email is vulnerable to numerous methods of association-mapping--information that can be highly sensitive in its own right. + +The LEAP email system has several security advantages over typical encryption applications: if not already encrypted, incoming email is encrypted so that only the recipient can read it; email is always stored client-encrypted, both locally and when synchronized with the server; all message relay among service providers is required to be encrypted when possible; and public keys are automatically discovered and validated. In short, the Bitmask app offers full end-to-end encryption, quietly handling the complexities of public key encryption and allowing for backward compatibility with legacy email when necessary. Because the LEAP system is based on open, federated protocols, the user is able to change providers at will, preventing provider dependency and lock-in. + +In addition to encrypted email, Bitmask offers automatically self-configuring encrypted internet proxy (aka VPN). Most VPN technology can be a pain to configure correctly without introducing vulnerabilities of DNS leakage, IPv6 leakage, and failing into an open, unencrypted state. The goals for LEAP’s VPN service are to make it so easy to use that people will want to keep it on all the time, and to make it more secure than most other VPN services. + +For more information, see our [[documentation => docs]], [[talk slides => https://leap.se/slides/]], or [[email overview => email]]. diff --git a/pages/about-us/grantwriter.md b/pages/about-us/grantwriter.md new file mode 100644 index 0000000..394a1b4 --- /dev/null +++ b/pages/about-us/grantwriter.md @@ -0,0 +1,65 @@ +@title = "Job posting for grant writer" + +Overview +======================== + +LEAP Encryption Access Project (https://leap.se) is looking for a grant writer with a high-level understanding of the grant writing process, extensive experience writing successful proposals for highly competitive grants, excellent time management, and project management skills along with excellent communication skills. The Grant Writer will be expected to build and maintain relationships with foundations and other organizations offering grant opportunities, and must be highly self motivated. Experience and interest in online communication and internet freedom a big plus. + +* Start Date: ASAP +* Rate: Competitive non-profit +* Time: Min 4 months, 50% time preferred. +* Please contact mcnair@leap.se + +Responsibilities +====================== + +* Researching, developing and writing inquiries, letters an proposals requesting state and federal funds. + +* Tracking and monitoring assigned proposals, including their deadlines, requirements and written reports. + +* Identify potential funding sources including, but not limited to governmental programs, private foundations, corporation. + +* Contact potential funding sources to discuss eligibility requirements, criteria, interest, and potential programs, and maintain ongoing relationships with funding contacts. + +* Write grants and thoroughly compile required attachments for submission. + +* Help develop grant calendar for each year based on research and past funding history. + +* Create compelling, persuasive, well-structured grant narratives through the use of effective storytelling and superior prose--tying LEAP's needs to funder priorities. + +* Research, develop, write, package and submit grant proposals. + +* Effectively perform all aspects of grant development and submission, including tracking of information, soliciting and collecting support letters and memoranda of understanding, board resolutions, developing funder-compliant budgets, and coordinating with internal sources to elicit necessary data. + +* Undertake research for the purposes of gathering statistical, analytical and anecdotal data, analyzing those data, and using such data strategically to create compelling grant proposal narratives--which use current, evidence-based, peer-reviewed models, when appropriate. + +* Undertake research related to identification of funding sources to meet specific programmatic needs through use of internal resources (e.g., newsletters, grant indexes, Internet resources) and external resources (e.g., training opportunities, bidders' conferences). Determine "goodness of fit" based on funder & internal priorities. + +* Collaborate with finance, programs and compliance to ensure grant reporting and tracking grant compliance. + +Qualifications +====================== + +The ideal candidate will: + +* Ability to interface with personnel in a professional manner. +* 3+ years of successful grant writing experience with federal and government grants, as well as private foundation experience. +* Ability to demonstrate accomplishments and success in grants being awarded. +* Reporting experience with OMB Circular A-133 preferred. +* Strong organizational and interpersonal skills. +* Ability to write accurate, compelling narrative that uses grammar and spelling correctly. +* Ability to perform under deadlines and tight schedules. +* Ability to digest and comply with detailed instructions a must as is the ability to prioritize in the context of multiple projects. +* Experience developing program budgets for grant submissions. +* Experience with free and open source software a big plus. + +About LEAP +====================== + +LEAP Encryption Access Project is a non-profit dedicated to giving all internet users access to secure communication. Our focus is on adapting encryption technology to make it easy to use and widely available. + +* We are a team of 10 dedicated and experienced anti-surveillance hackers. +* We started development in earnest on June 1 2011. +* We are globally distributed in Europe, South America, North America, and South Korea (Yep, it is hard to schedule meetings). +* Everything we do is licensed as free and open source software (GPL whenever possible). +* People of color, women, and queer people are strongly encouraged to apply. diff --git a/pages/about-us/jobs/en.haml b/pages/about-us/jobs/en.haml new file mode 100644 index 0000000..1b61102 --- /dev/null +++ b/pages/about-us/jobs/en.haml @@ -0,0 +1,63 @@ +- @title = 'Jobs' + +:textile + + h1(first). About LEAP + + "LEAP Encryption Access Project":https://leap.se/en is a non-profit dedicated to giving all internet users access to secure communication. Our focus is on adapting encryption technology to make it easy to use and widely available. + + * We are a team of 10 dedicated and experienced anti-surveillance hackers. + * We started development in earnest on June 1 2011. + * We are globally distributed in Europe, South America, North America, and South Korea (Yep, it is hard to schedule meetings). + * We have an established agile development process that works. + * Everything we do is licensed as free software (GPL whenever possible). + * People of color, women, and queer people are strongly encouraged to apply. + + h1. Open Positions + + Currently, we have no open positions, but we would love to hear from you anyway. Please contact mcnair@leap.se + +-# + h1. Open Positions + + h2. Lead Python Developer + + !>/img/pages/python-logo.png! + + We are hiring a lead Python programmer to shepherd the development of the LEAP Client. The LEAP Client is a desktop application that connects to a larger cloud-based system to provide end-to-end client-side encryption over many different protocols (like email and chat). The app is mostly headless, speaking to the servers via a client-encrypted sync to distributed databases and to local clients via traditional protocols like IMAP, SMTP, and XMPP. We are looking for someone who can take a leading role in overall design of the client (and related protocols), provide direction for development, work collaboratively with a small team of hackers, and assure clean code. + + <!-- This position presents some unique challenges! The team is globally distributed and comprised of independent people who generally prefer collective and non-hierarchical systems. Ideally we would find someone who is excited about thinking creatively and non-traditionally about a lead role. --> + + What we are looking for, via a list of many bullets: + + * Many years of experience with Python + * Clear understanding of public key cryptography and experience using cryptographic libraries + * Burning desire to secure communications from prying eyes and snooping algorithms + * Uncontrolled obsession with free and open source software + * Experience with architecture of large applications + * Love of clean code + * Ability to take on a leadership role + * Enthusiasm for working collaboratively + * Good testing practices + * Experience with cross-platform development + * Ability to understand and work with complex distributed systems + * Self-motivated and able to effectively work remotely + + Compensation rates are high for US non-profits and low for the US tech industry. This could be a full-time or part-time position, as desired. + + h2. Android Developer + + !>/img/pages/android-logo.jpg! + + We are hiring a programmer for ongoing Android development, including porting the LEAP Client to Android and writing a client-encrypted sync provider that integrates with the LEAP data storage. Many of the key components on which the client will depend have already been ported to Android, such as openvpn, sqlcipher, and u1db. Like its desktop counterpart, the goal with the Android client is to have a minimal UI that auto-configures itself with the service provider. We will only support Android 4.0 and above (earlier releases don't have "VpnService":http://developer.android.com/reference/android/net/VpnService.html API). + + What we are looking for, via a list of many bullets: + + * Experience with Android application development + * Familiarity with public key cryptography and (ideally) experience with BouncyCastle + * Enthusiasm for working collaboratively + * Good testing practices + * Burning desire to secure communications from prying eyes and snooping algorithms + * Uncontrolled obsession with free and open source software + + Compensation rates are high for US non-profits and low for the US tech industry. This could be a full-time or part-time position, as desired.
\ No newline at end of file diff --git a/pages/about-us/news/2012/access-prize/en.haml b/pages/about-us/news/2012/access-prize/en.haml new file mode 100644 index 0000000..35c61f6 --- /dev/null +++ b/pages/about-us/news/2012/access-prize/en.haml @@ -0,0 +1,14 @@ +- @title = "Big thanks to Access for supporting LEAP" +- @author = "Mcnair" +- @posted_at = "2012-12-11" +- @preview = capture_haml do + Last night I attended the awards party for Access Innovation Prize, not knowing what to expect. The prize is for people and organizations using <a href="https://www.accessnow.org/blog/2012/12/11/first-annual-access-innovation-awards-prize-winners-announced">"information technology to promote and enable human rights and deliver social good"</a>. It turns out, geeks on a mission know how to do good and have a good time! + + %div{:style => 'float:left; margin: 8px; margin-left: 0;'} + %img{:src => "/img/pages/access-prize-small.jpg"} + %span{:style => "font-size: 80%; line-height: 0.8em; display: block; margin-top: 4px;"} + My, that disc is shiny. + + %br + + LEAP was a finalist in the "Making Crypto Easy" category, but the competition was impressive and deserving. I nearly popped a blood vessel when I heard LEAP called as the winner! Big thanks to <a href="https://www.accessnow.org">Access</a> and all the techies and innovators they assembled. It was an excellent party, and a stellar collection of dedicated technologists. On behalf of LEAP, I am humbled and extremely thankful for this prize. Now we get down to putting the prize money to work... diff --git a/pages/about-us/news/2012/en.haml b/pages/about-us/news/2012/en.haml new file mode 100644 index 0000000..2a1d44a --- /dev/null +++ b/pages/about-us/news/2012/en.haml @@ -0,0 +1,2 @@ +- @path_prefix = '2012' += child_summaries
\ No newline at end of file diff --git a/pages/about-us/news/2012/security-bingo/_table.html.haml b/pages/about-us/news/2012/security-bingo/_table.html.haml new file mode 100644 index 0000000..9091b7b --- /dev/null +++ b/pages/about-us/news/2012/security-bingo/_table.html.haml @@ -0,0 +1,163 @@ +%style + :sass + table.table + border: 1px solid #ccc + td + background: white + width: 12.5% + font-size: 0.9em + border-right: 1px solid #ccc + td.section + border-right: 0 + +%table.table + %tr + %th + %th + %th Windows + %th Mac + %th Linux + %th iOS + %th Android + %th Web + %tbody + %tr + %td.section{:rowspan => 3} Messages + %td Short Message + %td{:colspan => 3} #{link 'Pidgin' => 'http://pidgin.im'}, #{link 'Gajim' => 'http://gajim.org'}, #{link 'OTR' => 'http://www.cypherpunks.ca/otr/'} + %td #{link 'ChatSecure' => 'https://chatsecure.org/'} + %td #{link 'Gibberbot' => 'https://guardianproject.info/apps/gibber/'}, #{link 'Beem' => 'http://beem-project.com'}, #{link 'TextSecure' => 'https://github.com/WhisperSystems/TextSecure'} + %td #{link 'Cryptocat' => 'https://crypto.cat'} + %tr + %td Long Message + %td #{link 'Enigmail' => 'http://enigmail.mozdev.org/'}, #{link 'Gpg4win' => 'http://www.gpg4win.org/about.html'} + %td #{link 'Enigmail' => 'http://enigmail.mozdev.org/'}, #{link 'GPGMail' => 'https://www.gpgtools.org/gpgmail/index.html'} + %td #{link 'Enigmail' => 'http://enigmail.mozdev.org/'} + %td + %td #{link 'AGP' => 'http://www.thialfihar.org/projects/apg/'} + %td + %tbody + %tr + %td.section{:rowspan => 5} Files + %td Storage + %td #{link 'DiskCryptor' => 'http://diskcryptor.net'} + %td + %td #{link 'EncFS' => 'http://www.arg0.net/encfs'}, #{link 'eCryptfs' => 'http://ecryptfs.org/'}, #{link 'DMCrypt' => 'http://en.wikipedia.org/wiki/Dm-crypt'} + %td + %td #{link 'AOSP' => 'http://source.android.com/'}, #{link 'Cryptonite' => 'https://code.google.com/p/cryptonite/'} + %td #{link 'SafeWith.me' => 'https://SafeWith.me'} + %tr + %td Backup + %td #{link 'Duplicati' => 'http://duplicati.com/'} + %td + %td #{link 'Déjà Dup' => 'https://launchpad.net/deja-dup'} + %td + %td #{link 'FlashBack' => 'http://www.whispersys.com/flashback.html'} + %td + %tr + %td Synchronization + %td{:colspan => 3} + #{link 'seafile' => 'http://seafile.com'}, #{link 'git-annex' => 'http://git-annex.branchable.com/assistant/'}, #{link 'SparkleShare' => 'http://sparkleshare.org/'}, + #{link 'Syncany' => 'http://www.syncany.org/'} + %td + %td + %td + %tr + %td Data Wipe + %td #{link 'Eraser' => 'http://eraser.heidi.ie/'}, #{link 'BleachBit' => 'http://bleachbit.sourceforge.net/'}, #{link 'DBAN' => 'http://www.dban.org/'} + %td #{link 'DBAN' => 'http://www.dban.org/'} + %td #{link 'BleachBit' => 'http://bleachbit.sourceforge.net/'}, #{link 'DBAN' => 'http://www.dban.org/'}, wipe + %td + %td #{link 'InTheClear' => 'https://github.com/SaferMobile/InTheClear'} + %td N/A + -# %tr + %td Collaboration + %td + %td + %td + %td + %td + %td + %tbody + %tr + %td.section{:rowspan => 3} Audio/Video + %td Direct Calling + %td{:colspan => 2} #{link 'Jitsi' => 'https://jitsi.org/'} + %td #{link 'Jitsi' => 'https://jitsi.org/'}, #{link 'linphone' => 'http://www.linphone.org/'}, #{link 'sflphone' => 'http://sflphone.org/'} + %td + %td #{link 'RedPhone' => 'https://github.com/WhisperSystems/RedPhone'}, #{link 'CSimpleSip' => 'https://code.google.com/p/csipsimple/'} + %td + %tr + %td Conference + %td{:colspan => 3} #{link 'Mumble' => 'http://mumble.sourceforge.net/'} + %td + %td #{link 'Mumble' => 'http://mumble.sourceforge.net/'} + %td + %tr + %td Capture & Reporting + %td + %td + %td + %td + %td #{link 'ObscuraCam' => 'https://guardianproject.info/apps/obscuracam/'} + %td + %tbody + %tr + %td.section{:rowspan => 2} Network + %td Availability + %td{:colspan => 5} #{link 'Commotion' => 'http://commotionwireless.net/'} + %td N/A + %tr + %td Confidentiality & Anonymity + %td{:colspan => 5} #{link 'Tor' => 'https://torproject.org'}, #{link 'OpenVPN' => 'http://openvpn.net'} + %td N/A + %tbody + %tr + %td.section{:rowspan => 3} Identity + %td Passwords + %td{:colspan => 3} #{link 'KeePassX' => 'http://www.keepassx.org/'} + %td + %td #{link 'KeePassDroid' => 'http://www.keepassdroid.com/'} + %td + %tr + %td Validation + %td{:colspan => 6} OpenPGP, #{link 'OTR' => 'http://www.cypherpunks.ca/otr/'} + %tr + %td Authentication + %td{:colspan => 6} #{link 'Mozilla Persona' => 'https://login.persona.org/'}, #{link 'WebID' => 'http://www.w3.org/2005/Incubator/webid/spec/'} + -# %tbody + %tr + %td.section{:rowspan => 2} Anti-intrusion + %td Firewall + %td + %td + %td Many + %td + %td DroidWall + %td N/A + %tr + %td Anti-virus + %td + %td ClamXav + %td ClamAV + %td + %td + %td N/A + -# %tbody + %tr + %td.section{:rowspan => 3} Productivity + %td Events & Scheduling + %td + %td + %td + %td + %td + %td + %tr + %td Tasks & Planning + %td + %td + %td + %td + %td + %td diff --git a/pages/about-us/news/2012/security-bingo/en.text b/pages/about-us/news/2012/security-bingo/en.text new file mode 100644 index 0000000..159945f --- /dev/null +++ b/pages/about-us/news/2012/security-bingo/en.text @@ -0,0 +1,30 @@ +@title = "Let's play security bingo! (Updated)" +@author = "Elijah" +@posted_at = "2012-08-28" +@more = true +@preview = "To be honest, this is might be the least satisfying game of bingo ever—but let's play anyway. The rules are simple: make a grid cross referencing OS platform and communication toolset. In each cell, put the name of an open source software package with reasonable security properties. If this exercise doesn't make you break down in tears, then you have won." + +To be honest, this is might be the least satisfying game of bingo ever--but let's play anyway. The rules are simple: make a grid cross referencing OS platform and communication toolset. In each cell, put the name of an open source software package with reasonable security properties. If this exercise doesn't make you break down in tears, then you have won. + +The rules probably need some adjustment if this game is to catch on. + +Here is my attempt at playing: + +<%= render :partial => 'table' %> + +Looking at this table, it is immediately obvious that there are a lot of empty cells. Unfortunately, most of the cells that are filled in contain software that is unfriendly or even sadistic toward the user. Trying to use many of these tools can feel like developing a BDSM relationship with your computer, and you are not the top. + +What is missing might be more revealing than what is listed. These toolsets are entirely absent from my 'security bingo' game card: + +* *Social Networking:* When I excluded software that I think is unfeasible (SecureShare) or has no security (Diaspora, etc), then you end up with zero projects. +* *Document Collaboration:* I have high hopes for an encrypted etherpad, but so far no one has started work on it. +* *Photos/Vidoes & Galleries:* Nothing I have heard of. +* *Events & Scheduling:* Nothing I have heard of. +* *Tasks & Planning:* Nothing I have heard of. + +I also excluded a few obvious categories: + +* *Firewall:* Reasonable firewall support is now built into most operating systems. +* *Anti-virus:* Viruses are still mostly a problem on Windows. Other platforms have just gotten lucky so far. + +If you have suggestions for how I can fill in my game card, please write elijah@leap.se.
\ No newline at end of file diff --git a/pages/about-us/news/2013/en.haml b/pages/about-us/news/2013/en.haml new file mode 100644 index 0000000..30cd596 --- /dev/null +++ b/pages/about-us/news/2013/en.haml @@ -0,0 +1,2 @@ +- @path_prefix = '2013' += child_summaries
\ No newline at end of file diff --git a/pages/about-us/news/2013/support-encryption-tools-for-journalists.haml b/pages/about-us/news/2013/support-encryption-tools-for-journalists.haml new file mode 100644 index 0000000..03a1f9c --- /dev/null +++ b/pages/about-us/news/2013/support-encryption-tools-for-journalists.haml @@ -0,0 +1,6 @@ +- @title = "Support encryption tools for journalists" +- @author = "Elijah" +- @posted_at = "2013-12-08" +- @more = false +- @preview = capture_haml do + Freedom of the Press Foundation has launched a crowd fundraising <a href="https://pressfreedomfoundation.org/?123">campaign to support encryption tools</a> for journalists, and LEAP is one of the receiving projects. It is an honor to be amoung Tor, Tails, and WhisperSystems. diff --git a/pages/about-us/news/2013/the-big-seven/en.haml b/pages/about-us/news/2013/the-big-seven/en.haml new file mode 100644 index 0000000..4b66a62 --- /dev/null +++ b/pages/about-us/news/2013/the-big-seven/en.haml @@ -0,0 +1,8 @@ +- @title = "The big seven hard problems in secure communication" +- @author = "Elijah" +- @posted_at = "2013-08-22" +- @more = true +- @preview = capture_haml do + If you take a survey of interesting initiatives to create more secure communication, a pattern starts to emerge: it seems that any serious attempt to build a system for secure message communication eventually comes up against the following list of seven hard problems. These problems appear to be present regardless of which architectural approach you take (centralized authority, distributed peer-to-peer, or federated servers). + += render :page => 'hard-problems'
\ No newline at end of file diff --git a/pages/about-us/news/2014/android-oh-seven.md b/pages/about-us/news/2014/android-oh-seven.md new file mode 100644 index 0000000..0da7d51 --- /dev/null +++ b/pages/about-us/news/2014/android-oh-seven.md @@ -0,0 +1,19 @@ +@title = 'Bitmask Android 0.7.0' +@author = 'Parménides GV' +@posted_at = '2014-10-06' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/android-mask.png"></div><p>We\'ve released a new version of our Android client, which improves the stability of our VPN tunnel and fixes a bunch of bugs.</p>' + +We've released a new version of our Android client, which improves the stability of our VPN tunnel and fixes a bunch of bugs. + +We solved a pesky problem related to memory usage. When total available memory gets very low, Bitmask would stop. To solve this problem Bitmask will now restart when neccessary. + +Deep research on how AOSP (Android Open Source Project) works when an app is killed informed this solution, and the restart should happen as quick as possible: we've measured 45 seconds in a real environment. Once implemented, this feature was suggested to the upstream project for the VPN, [ics-openvpn](https://code.google.com/ics-openvpn), and was accepted and incorporated right away (thanks Arne). + +We also started to do the work needed for Bitmask to be added to F-Droid, but we're going to use a much awaited feature from F-Droid which is [almost complete](https://f-droid.org/wiki/page/Verification_Server) so stay tuned, because you'll see both F-Droid improvements from their side and Bitmask Android on an F-Droid repository really soon! + +Finally, a couple of annoying bugs have been fixed: first of all, you can turn off VPN from our dashboard switch, and if that happens (or more generally, if you switch off VPN by any means), you won't see the "Blocked traffic" notification which appeared on 0.6.0. + +We're beginning to collaborate with third parties, and getting more [users and feedback on the Play Store](https://play.google.com/store/apps/details?id=se.leap.bitmaskclient). As with any Libre Software project, you're more than welcomed to tell us your suggestions (use [Twitter](https://twitter.com/leapcode), [GitHub](https://github.com/leapcode/bitmask_android), [file bugs](https://leap.se/code/), or even [collaborate with us in the development itself](https://github.com/leapcode/bitmask_android#contributing). + +Thanks for your attention, and if you're a user, thanks for your feedback and support! diff --git a/pages/about-us/news/2014/bitmask-oh-seven-rc.md b/pages/about-us/news/2014/bitmask-oh-seven-rc.md new file mode 100644 index 0000000..c8ba357 --- /dev/null +++ b/pages/about-us/news/2014/bitmask-oh-seven-rc.md @@ -0,0 +1,21 @@ +@title = 'Bitmask Desktop v0.7.0-rc1 is ready for testing' +@author = 'Ivan' +@posted_at = '2014-10-06' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/clocks.jpg"></div><p>Starting today users can run a "stable" or "unstable" version of Bitmask. For each new version, we will first issue an "unstable" public release candidate. People who are in position to run bleeding edge code can run the "unstable" version and help us find any problems that we might have missed.</p>' + +Code name: "One time download, all time update" + +Starting today users can run a "stable" or "unstable" version of Bitmask. For each new version, we will first issue an "unstable" public release candidate. People who are in position to run bleeding edge code can run the "unstable" version and help us find any problems that we might have missed. We will fix these problems and then release a rock solid "stable" version of Bitmask. Download the release candiate, and report issues you find on our tracker https://leap.se/code or alert us on irc (freenode.net #leap). + +## Changes + +For the users of the Linux Bundles, this is the first Bitmask Desktop client release that brings the ability to self-update. This means that you will be able to easily up to date to the latest version. On startup, the app will look for updates, and let you known when a new release is ready and give you a one-click access to the update. If you are using your package manager, you will still have to use the traditional methods to get updates (in ubuntu/Debian, that's `apt-get update && apt-get upgrade`). + +Based on your feedback we have merged all preferences into one elegant and simplified window, and as usual have fixed a hand full of smaller bugs. + +Behind the scenes were are quietly readying Bitmask for dead simple encrypted email. Its getting dangerously close to a public release candidate. + +* [Download Release Candidate](https://dl.bitmask.net/client/linux/release-candidate/) v0.7.0-rc1 and help us test the code +* [Download the Stable version](https://dl.bitmask.net/) +* [Changelog](https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst) diff --git a/pages/about-us/news/2014/bitmask-public-beta.md b/pages/about-us/news/2014/bitmask-public-beta.md new file mode 100644 index 0000000..5ad97a4 --- /dev/null +++ b/pages/about-us/news/2014/bitmask-public-beta.md @@ -0,0 +1,35 @@ +@title = 'Bitmask Public Beta' +@author = 'Elijah' +@more = true +@posted_at = '2014-08-22' +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/bitmask.png"></div><p>The LEAP Encryption Access Project (LEAP) is launching the first public beta of the Bitmask application for Linux and Android. Bitmask is an open source application to provide easy and secure encrypted communication. You can choose among several different service providers or start your own. Bitmask supports VPN with Encrypted Email coming soon.</p>' + + +Bitmask Public Beta +------------------------------------------- + +The LEAP Encryption Access Project (LEAP) is launching the first public beta of the Bitmask application for Linux and Android. + +*Bitmask* is an open source application to provide easy and secure encrypted communication. You can choose among several different service providers or start your own. Bitmask supports VPN with Encrypted Email coming soon. + +The *Bitmask* application is designed to have a *friendly* interface with *automatic* configuration. You simply start the application, register with the compatible service provider of your choice, and away you go. + +With Bitmask VPN, all your traffic is securely routed through your provider before it is decrypted and sent on to the open internet. + +* *Thwart Network Surveillance*: Bitmask VPN is very effective at bypassing most censorship and network surveillance by your ISP or country. + +* *Anonymize your address*: Your IP address will also be hidden, keeping your physical location safe from nefarious websites or network eavesdroppers. + +* *Extra Security*: We take extra security measures to prevent problems common to other personal VPNs, such as DNS leakage and IPv6 leakage (not all enhancements available on Android). + +To install Bitmask, visit https://bitmask.net + +Currently, the only language that is supported in the application and help documentation is English. We are adding more languages soon. + +Users: Let us know what you think by sending a message to discuss@leap.se or on irc.freenode.net #leap. If you have any problems, bug reports can be filed here and are super appreciated! https://leap.se/code + +Providers: If you are interested in providing Bitmask-compatible services, we are always available to help with your setup and launch. https://leap.se/en/docs/platform + +In the coming weeks we will be fixing all the bugs you report. We are actively working on Mac (soon) and Windows (later) support, and adding auto-failover to next available gateway, autostart, and obfsproxy technology. The rest of our attention is focused on secure end to end client encrypted email. We are tantalizingly close to having a public Beta of our email service. + +Stay tuned. Sign up to our mailing list (discuss-subscribe@leap.se), or follow us on twitter (@leapcode). diff --git a/pages/about-us/news/2014/bitmask-release.haml b/pages/about-us/news/2014/bitmask-release.haml new file mode 100644 index 0000000..b889c0e --- /dev/null +++ b/pages/about-us/news/2014/bitmask-release.haml @@ -0,0 +1,43 @@ +- @title = 'Bitmask "long time no see" release' +- @author = 'Kali' +- @posted_at = '2014-04-25' +- @more = true +- @preview = capture_haml do + %div{:style => 'float:left; margin: 8px 8px 8px 0'} + %img{:src => "/img/pages/bitmask-icon.png"} + It's is with pleasure that we <a href="https://raw.githubusercontent.com/leapcode/bitmask_client/develop/relnotes.txt">announce</a> the arrival of the 0.5.0 version of Bitmask, code named "long time no see"! With over 187 files changed, 19627 insertions(+) and 5005 deletions(-), this release of the bitmask client is one of the largest to date! To get the latest version, you can visit the <a href="https://dl.bitmask.net">Bitmask downloads page</a>. + +%p It's is with pleasure that we <a href="https://raw.githubusercontent.com/leapcode/bitmask_client/develop/relnotes.txt">announce</a> the arrival of the 0.5.0 version of Bitmask, code named "long time no see"! + +%p With over 187 files changed, 19627 insertions(+) and 5005 deletions(-), this release of the bitmask client is one of the largest to date! To get the latest version, you can visit the <a href="https://dl.bitmask.net/linux/download">Bitmask downloads page</a>. + +%p Here is a summary of the main changes, with links to the complete changelogs for those who want the details: + +%h3 Bitmask + +%p <a href="https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst">changelog</a> + +%p On this release we are fixing a ton and a half of bugs in the user interface on different desktops, hopefully getting closer and closer to a really smooth experience. There is also a shiny new button for easy log pasting. A couple of bugs that were also interfering with the correct functioning of Encrypted Internet Proxy have also been smashed for your benefit. And the first steps have been integrated for paving the way to the big client code refactor coming in the next few releases. + +%h3 Soledad + +%p <a href="https://raw.githubusercontent.com/leapcode/soledad/master/CHANGELOG">changelog</a> + +%p Improvements to soledad in this iteration include several optimizations to make data synchronization faster and more efficient, and fixing a couple of bugs that were making concurrent syncs fail. We also got rid of a bug that was making the server consume way too much memory. + +%h3 leap.mail + +%p <a href="https://raw.githubusercontent.com/leapcode/leap_mail/master/CHANGELOG">changelog</a> + +%p Although mail is not ready for prime time yet, this release addresses several fixes to make the service correctly parse different types of mails, including all of your unicodes. Mail code went through a extensive refactor to allow for smaller syncs. We also added partial support for SEARCH commands to allow thunderbird to save your drafts. + +%h3 leap.mx + +%p <a href="https://raw.githubusercontent.com/leapcode/leap_mx/master/CHANGELOG">changelog</a> +This version brings in some fixes for dealing with multipart documents. + +%h3 leap.keymanager + +%p <a href="https://raw.githubusercontent.com/leapcode/keymanager/master/CHANGELOG">changelog</a> + +%p Keymanager was updated to work with the latest webapp release, and now is able to memoize calls. diff --git a/pages/about-us/news/2014/columbia-journalism-review.haml b/pages/about-us/news/2014/columbia-journalism-review.haml new file mode 100644 index 0000000..9923ef7 --- /dev/null +++ b/pages/about-us/news/2014/columbia-journalism-review.haml @@ -0,0 +1,6 @@ +- @title = "LEAP article in Columbia Journalism Review" +- @author = "Elijah" +- @posted_at = "2014-01-10" +- @more = false +- @preview = capture_haml do + The Columbia Journalism review has a nice <a href="http://www.cjr.org/behind_the_news/leap_email.php">introduction to LEAP encrypted email</a> and the importance of secure communication for journalists. diff --git a/pages/about-us/news/2014/darkest-night.md b/pages/about-us/news/2014/darkest-night.md new file mode 100644 index 0000000..71a81cc --- /dev/null +++ b/pages/about-us/news/2014/darkest-night.md @@ -0,0 +1,45 @@ +@title = 'New releases for a new year' +@author = 'Staff' +@posted_at = '2014-12-23' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/winter-solstice-at-stonehenge.jpg"></div><p>LEAP is happy to celebrate the days getting longer with shiny new releases of the LEAP platform and Bitmask client for Linux and Android. We resolved over 160 issues for the platform release alone!<p>' + +LEAP is happy to celebrate the days getting longer with shiny new releases of the LEAP platform and Bitmask client for Linux and Android. + +Platform 0.6.0 +-------------- + +With over 160 issues resolved, the latest platform is a fine tuned, easy to deploy, self monitoring machine. We are real happy with its current state and are looking forward to pushing more frequent releases in the coming months. + +Whats New: single node deployment; platform customization; couch flexibility; stunnel rework; new debian repository structure; dependency pinning; leap_cli modularization; improved cert generation; monitoring improvements such as per-environment tooling and notifications; tor hidden service support; switch away from NIST curve and ensure TLSv1 is used; tests made significantly more robust; add support for webapp deployment to a subdomain; many, many bugfixes and stability improvements + +* Download 0.6.0 signed tag: https://leap.se/git/leap_platform.git +* Changelog: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.6.0 +* Known issues: https://leap.se/en/docs/platform/troubleshooting/known-issues + + +Bitmask 0.7.0 +------------- + +The LEAP team is pleased to announce the immediate availability of Bitmask 0.7.0 codename "One window to rule them all". We are introducing automatic secure updates for the Bitmask application, making use of a spell called [The Update Framework](http://theupdateframework.com/), aka TUF if you're on friendly terms. Based on your feedback, we are also introducing a sleek new settings panel. As usual, we have also crushed a few bugs along the way. + +For the users of the Linux Bundles, this is the first Bitmask Desktop client release that brings the ability to self-update. This means that you will be able to easily up to date to the latest version. On startup, the app will look for updates, and let you known when a new release is ready and give you a one-click access to the update. If you are using your package manager, you will still have to use the traditional methods to get updates (in ubuntu/Debian, that’s apt-get update && apt-get upgrade). + +Enjoy it while it is hot! + +* Download: https://dl.bitmask.net/linux +* Download 0.7.0 signed tag: https://leap.se/git/bitmask_client.git +* Changelog: https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst +* Known issues: https://leap.se/en/docs/client/known-issues +* Compatibility notes: Bitmask 0.7.0 is not compatible with platform versions older than 0.6.0 + +Bitmask Android 0.8.2 +----------------------------- + +Lollipop is here, and Bitmask Android has been visually and internally updated to give the best experience to date for both early Android 5.0 adopters and usual Android 4 users. + +Two new providers have been added to our preseeded list, and a lot of bugs have been fixed. This release will hopefully be the best one yet, both in terms of usability and stability. + +Stay tuned, because 0.9.0 will arrive soon with interesting new VPN features! + +Changelog: https://github.com/leapcode/bitmask_android/blob/master/CHANGELOG diff --git a/pages/about-us/news/2014/en.haml b/pages/about-us/news/2014/en.haml new file mode 100644 index 0000000..472f438 --- /dev/null +++ b/pages/about-us/news/2014/en.haml @@ -0,0 +1,2 @@ +- @path_prefix = '2014' += child_summaries :order_by => :posted_at
\ No newline at end of file diff --git a/pages/about-us/news/2014/gsoc.html.haml b/pages/about-us/news/2014/gsoc.html.haml new file mode 100644 index 0000000..351cbf9 --- /dev/null +++ b/pages/about-us/news/2014/gsoc.html.haml @@ -0,0 +1,9 @@ +- @title = 'Google Summer of Code 2014' +- @author = 'Mcnair' +- @posted_at = '2014-04-24' +- @more = false +- @preview = capture_haml do + %div{:style => 'float:right; margin: 8px; margin-right: 0;'} + %img{:src => "/img/pages/gsoc.png"} + %p LEAP has selected three Google Summer of Code projects that we are really excited about. One focuses on improving Soledad transport, another on better Windows integration, and a third on adding obfsproxy to the encrypted internet proxy. Congratulations to the students who submitted these projects, they stood out above the rest of the proposals. + %p In the coming months, stay tuned for updates on the progress made to these Google Summer of Code projects. diff --git a/pages/about-us/news/2014/platform-hotfix-release.md b/pages/about-us/news/2014/platform-hotfix-release.md new file mode 100644 index 0000000..70ac4fd --- /dev/null +++ b/pages/about-us/news/2014/platform-hotfix-release.md @@ -0,0 +1,13 @@ +@title = 'Platform HotFix Release 0.5.4.1' +@author = 'Micah' +@posted_at = '2014-08-28' +@more = true +@preview = '<div style="float:left; margin: 8px; margin-left: 0;"><img src="/img/pages/chillies.jpg"></div><p>This Platform release is a hotfix release, resolving a couple issues that came up in the previous release. It fixes tapicero dependency ordering so it will start more reliably (#6004); resolves the /etc/hosts ordering to properly construct the FQDN (#5835); and finally a fix for the logging problem (#6020)</p>' + +This Platform release is a hotfix release, resolving a couple issues that came up in the previous release. It fixes tapicero dependency ordering so it will start more reliably (#6004); resolves the /etc/hosts ordering to properly construct the FQDN (#5835); and finally a fix for the logging problem (#6020) + +There's ongoing work to make leap_platform run all services on one single node. However, this is not possible in this release. + +* Download: signed 0.5.4.1 tag: https://leap.se/git/leap_platform.git +* Changelog: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.4.1 +* Known issues: https://leap.se/git/leap_platform.git/blob/HEAD:/README.md diff --git a/pages/about-us/news/2014/platform-release.html.haml b/pages/about-us/news/2014/platform-release.html.haml new file mode 100644 index 0000000..83b6e9e --- /dev/null +++ b/pages/about-us/news/2014/platform-release.html.haml @@ -0,0 +1,54 @@ +- @title = 'LEAP Platform release 0.5.0' +- @author = 'Micah' +- @posted_at = '2014-04-21' +- @more = true +- @preview = capture_haml do + We are happy to announce that the 0.5.0 version of the Leap Platform has been released! There have been a staggering number of improvements since the last release that touch a lot of areas. I'll give you a higher level summary of the changes here. + +%p We are happy to announce that the 0.5.0 version of the Leap Platform has been released! There have been a staggering number of improvements since the last release that touch a lot of areas. I'll give you a higher level summary of the changes here. + +%p There is a signed 0.5.0 tag in the platform git repository, which you can find here: https://leap.se/git/leap_platform + +%p Without further ado, here is what is included: + +%h2 Monitoring + +%p With this release a new monitoring service was added, including the ability to monitor multiple environments with one monitor node. Many logging improvements go along with this feature, like improvements in rotation, making more daemons write to standardized syslog locations. + +%h2 TLS fun + +%p Many improvements related to TLS were rolled out. For mail we now require TLS between satellite servers and the relayhost, and leap mx, we've also improved overall opportunistic TLS configurations. + +%p For the web configurations, the https TLS configurations were modified to take advantage of TLS1.2 features, enhancements to help protect against BREACH and CRIME attacks, and cipher preferences adjusted to prefer PFS, and best-practices strongest cipher selections. + +%p Thanks to heartbleed, we got to test rolling certs and keys in the platform. We are pleased that it went so easily. We simply had to remove the existing ones, ask leap cli to generate new ones, plop in the commercial cert/keys and deploy. Everything was then put where it should be and restarted. With the exception of soledad-server, which was fixed. + +%h2 Whitebox tests + +%p Whitebox tests were added, now you can run 'leap test' in your provider and various critical tests will be run to determine the overall health of your provider. In particular these tests are performed right now: connectivity, checking that correct daemons are running, checking cluster health, and membership, checking for required ACL users and required databases. + +%h2 Bigcouch + +%p There were many Bigcouch scaling improvements dealing with exhausting inodes and body to large issues, and cluster settling before deployment of design documents, databases and users, as well as automatic shard compaction. We also ship some couch scripts that help us with debugging and backups. + +%p We added deployment of new design documents for soledad, and for the new shared database and more robust handling of design document deployment We also migrated u2db metadata to a better structure that allowed for atomic operations and elimination of potential cases of inconsistency + +%h2 Webapp + +%p Functionality was added to allow for a customized webapp git repository, and we now anonymize webapp ips (ipv4 only) by default (in addition to ips in system logs, which cover most cases) + +%h2 Leap CLI + +%p The leap CLI was also improved to fix various corner case bugs, some notable improvements: invalid hostname detection; making sure the ssh key is available in the agent; adding a --no-color flag so log files are not colorized; add a --no-deploy feature; added a 'plain' node, which has no services deployed to it. + +%h2 Tapicero + +%p New tapicero was also deployed with enhancements and fixes to deal better when failing to create databases, and avoiding bigcouch conflicts, adding a flag to re-run for all known users, and a flag to overwrite the _security document. + +%h2 Miscellaneous + +%p Mail for admins is now properly routed to the address configured in provider.json. We also updated the default nameservers to account for changes in upstream availability. Make sure nodes have proper time synchronization setup and configured, even when nodes are snapshot nodes that have been off for a long time. Improvements in code restructuring to help eliminate some redundancy in setting things up, tearing them down and then setting them up again in between initial run stages + +%p We make sure that sensitive components are downloaded over encrypted protocols, such as ruby gems and vagrant baseboxes, we also made sure that bigcouch admin processes were only listening on localhost. + +%p Finally, the latest versions of leap-mx, soledad, keymanager, the webapp and the associated libraries will also be updated when deploying this release.
\ No newline at end of file diff --git a/pages/about-us/news/2014/poodle-hot-fix.html.haml b/pages/about-us/news/2014/poodle-hot-fix.html.haml new file mode 100644 index 0000000..66d9bb4 --- /dev/null +++ b/pages/about-us/news/2014/poodle-hot-fix.html.haml @@ -0,0 +1,18 @@ +- @title = "Poodle hot-fix" +- @author = "Micah" +- @posted_at = "2014-10-15" +- @more = true +- @preview = capture_haml do + As you may have heard, there is a new dog in town, and it is a Poodle. Poodle (Padding Oracle On Downgraded Legacy Encryption) is the name for a severe flaw in the SSLv3 protocol, which can be exploited to force connections to reveal plain-text. The Poodle announcement brought with it the death of the SSLv3 protocol, and none too soon. + +%p As you may have heard, there is a new dog in town, and it is a Poodle. Poodle (Padding Oracle On Downgraded Legacy Encryption) is the name for a severe flaw in the SSLv3 protocol, which can be exploited to force connections to reveal plain-text. The Poodle announcement brought with it the death of the SSLv3 protocol, and none too soon. + +%p In order to respond to this issue, we've made an important security fix release for the Platform. This release simply disables the SSLv3 protocol (as well as deactivates the weak RC4 cipher). + +%p To apply this update, simply update the Leap Platform master branch (or checkout the signed 0.5.5 tag), and deploy to the webapp node. + +%ul + %li + %a(href="https://leap.se/git/leap_platform.git") Leap Platform git repository + %li + %a(href="https://leap.se/git/leap_platform.git/tag/3c7f2f98cdaabb00e13325476197fbbc74dff597") The signed 0.5.5 tag diff --git a/pages/about-us/news/2014/release-oh-five-one.md b/pages/about-us/news/2014/release-oh-five-one.md new file mode 100644 index 0000000..645518a --- /dev/null +++ b/pages/about-us/news/2014/release-oh-five-one.md @@ -0,0 +1,81 @@ +@title = 'Release 0.5.1' +@author = 'Micah' +@posted_at = '2014-05-22' +@more = true +@preview = '<div style="float:left; margin: 8px; margin-left: 0;"><img src="/img/pages/sand-bucket.jpg"></div><p>We are happy to announce the 0.5.1 LEAP release, code named "los trecesemanas" or "lil less leaky". This rapid round of development focused primarily on getting our Encrypted Internet Proxy (VPN) system secured against data leakage, as well as the continued refactor of the soon to be released encrypted email service.</p>' + +We are happy to announce the 0.5.1 LEAP release, code named "los trecesemanas" or "lil less leaky". This rapid round of development focused primarily on getting our Encrypted Internet Proxy (VPN) system secured against data leakage, as well as the continued refactor of the soon to be released encrypted email service. + +Various development details for the client, platform and the webapp are below. + +Platform +======== + +The platform had a number of minor improvements, mostly the work is EIP related: deployment improvements make openvpn service fragments be fully created before the service is deployed. We now block EIP originated DNS traffic at the OpenVPN gateway. We now install openvpn 2.3 from wheezy backports, and set the ipv6 configuration options to force client ipv6 traffic through the gateway, and then reject any outgoing ipv6 packets. Additionally, script-security is set to '1' and tcp-nodelay is configured. + +There were also few other minor improvements in other areas: the initial firewall will allow port 22 by default, and it triggers better. There were nagios check improvements to eliminate duplicates. Service levels were added to the webapp config; known issues are now documented in the git repository; a simple shorewall whitebox test was added; rsyslog and unbound are now pulled from wheezy-backports. Stunnel refreshing will happen more reliably. Tor nicknames will get set automatically, with a default, and the tor family variable will be filled out correctly. The resolv.conf is fixed on virtualbox. Now we can put the webapp on a subdomain and we have support for environmentally scoped services and tags, when using latest leap_cli. + +Download: + +* There is a signed 0.5.1 tag: https://leap.se/git/leap_platform + +Changelog: + +* https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.1 + +Known issues: + +* https://leap.se/git/leap_platform.git/blob/071547967cc00acf18bf68b78e350131017852b9:/README.md + +Webapp +================== + +Webapp development was focused on getting it ready for the beta launch. We enhanced the API with an endpoint to query for the services available when logged in and to notify users via the client. The directory and engine structure has been cleaned up. Documentation now lives on leap.se/docs. Lot's of bugs have been found and fixed during QA and we ensure the availability with nagios tests. + +Changelog: + +* https://github.com/leapcode/leap_web/releases/tag/0.5.1 + +Android +================== + +Android version is running slighly ahead fo the rest! We released 0.5.1 three weeks ago and have made public our 0.5.2 release candidate. 0.5.1 and 0.5.2rc improvements include: + +1. Autostart - If you have EIP on and shutdown your phone, Bitmask will autostart EIP once the phone is running again. +2. Gradle support - This only matters to developers, and they'll know what this means, so no more words +3. Signup support - You can register a new account with a LEAP provider from the android client. + +Autostart still has some glitches due to some problems with ics-openvpn. Next weeks we'll address these issues by cleaning and updating our ics-openvpn codebase. So hold your breath for the next 3 weeks, you'll hopefully see a very good 0.5.2 (or even 0.6!) release. + +Download: + +* https://play.google.com/store/apps/details?id=se.leap.bitmaskclient +* https://downloads.leap.se/client/android/Bitmask-Android-0.5.2-RC1.apk + +Changelog: + +* https://raw.githubusercontent.com/leapcode/bitmask_android/master/CHANGELOG + +Client +================== + +The client focus was towards fixing a security problem that exists in every VPN client to this date, which is: if VPN fails in any way, your traffic gets leaked out of the secure network. + +We leverage the Linux firewall to block all traffic outside of the computer except for the VPN gateways. So even if OpenVPN crashes or the client wrongly says you're going through EIP, you won't be leaking traffic when you are not expecting it. + +The same approach will be expanded to other platforms in the near future. + +Known Issues: Firewall is torn down during restarts #5687. This should be fixed in the early 0.5.2 rc. + +Download: + +* https://dl.bitmask.net + +Changelog: leap.bitmask + +* https://raw.githubusercontent.com/leapcode/bitmask_client/develop/CHANGELOG.rst + +Changelog: leap.soledad + +* https://raw.githubusercontent.com/leapcode/soledad/develop/CHANGELOG + diff --git a/pages/about-us/news/2014/release-oh-five-two.md b/pages/about-us/news/2014/release-oh-five-two.md new file mode 100644 index 0000000..3a12926 --- /dev/null +++ b/pages/about-us/news/2014/release-oh-five-two.md @@ -0,0 +1,64 @@ +@title = 'Release 0.5.2' +@author = 'Micah' +@posted_at = '2014-06-22' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/toolbox.jpg"></div><p>Along with ongoing bug fixes and stability enhancements, the 0.5.2 release of the bitmask client focused on improving VPN security features added in the prior release. In Android development, we are laying the groundwork for better coordination with ics-openvpn which will improve stability and user experience. We plan to launch our beta VPN service in the coming weeks. All of our code that is released is now signed by the LEAP code signing key (key ID 0x1E34A1828E207901, Fingerprint 1E45 3B2C E87B EE2F 7DFE 9966 1E34 A182 8E20 7901).</p>' + +Overview +--------------- + +Along with ongoing bug fixes and stability enhancements, the 0.5.2 release of the bitmask client focused on improving VPN security features added in the prior release. In Android development, we are laying the groundwork for better coordination with ics-openvpn which will improve stability and user experience. We plan to launch our beta VPN service in the coming weeks. Stay tuned! + +In addition to the 0.5.2 releases detailed below, we have now all of our code that is released is signed by the LEAP code signing key (key ID 0x1E34A1828E207901, Fingerprint 1E45 3B2C E87B EE2F 7DFE 9966 1E34 A182 8E20 7901). + +Client +--------------- + +An overall improvement in user experience for the fail close security feature was the main focus. We improved the firewall handling on Linux for failing close when the VPN doesn't work as expected. + +Changelogs: + +* leap.bitmask 0.5.2 - https://github.com/leapcode/bitmask_client/blob/develop/CHANGELOG.rst +* leap.common 0.3.8 - https://github.com/leapcode/leap_pycommon/blob/develop/CHANGELOG + +Platform +--------------- + +This release of the platform has a few minor bug fixes, and a few new features. + +It is now possible to run the webapp and mx on the same host; it is now possible to change the sshd port for nodes; static sites now support rack applications and custom apache configurations and /provider.json can now be served from the static site; the templatewlv function was added enabling passing local variables to templates. + +Various minor code cleanups happened, removing redundant or unused classes and variables, consolidating duplicated pieces and fixing the non-functioning inclusion of the sshd class. Some improved documentation and a fix for unbound configs in the unbound.conf.d directory. + +* Download: +There is a signed 0.5.2 tag: https://leap.se/git/leap_platform.git +* Changelog: +https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.2 +* Known issues: +https://leap.se/git/leap_platform.git/blob/071547967cc00acf18bf68b78e350131017852b9:/README.md + +Webapp +--------------- + +We continue polishing the webapp for beta launch and integration with existing services. We prevent users from seeing the tickets of other users and hash our tokens to prevent timing attacks. We ease the integration for providers with existing user bases and use smtp certs to be able to kick out spammers. The UI has been polished with customized error pages and improved i18n. + +0.5.2 is tagged for the webapp with a commit message detailing the changes: https://github.com/leapcode/leap_web/releases/tag/0.5.2 + + +Android +--------------- + +With this version we begin a strong effort to maintain a sane upstream relationship with our base project, ics-openvpn. This is an important step for the stablility and and ease of use for our EIP client, and we're excited about what it means for our development process. We are polishing our patches and will be proposing these to ics-openvpn after our next releaes. + +Also, we have added signup support, enabling you to do so from the login button and from a menu button. + +Changelog: https://github.com/leapcode/bitmask_android/blob/0.5.2/CHANGELOG + + + +Soledad +-------------- + +Focus for this release was on soledad sync stability and speed. This version of Soledad features a sync process which performs one HTTP request for each document sent to or received by the server. The sync process can be interrupted and also reports its status. Two minor bugs have been squashed: avoiding a bigcouch multipart-put bug and authenticating in constant-time to avoid time attacks against the auth scheme. + +leap.soledad 0.5.2 - https://github.com/leapcode/soledad/blob/develop/CHANGELOG diff --git a/pages/about-us/news/2014/release-oh-six.md b/pages/about-us/news/2014/release-oh-six.md new file mode 100644 index 0000000..2df1624 --- /dev/null +++ b/pages/about-us/news/2014/release-oh-six.md @@ -0,0 +1,58 @@ +@title = 'Release 0.6' +@author = 'Micah' +@posted_at = '2014-08-21' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/mostimproved.jpg"></div><p>This release gets the award for most improved, with a focused on major overhauls of the Android and Linux Bitmask clients. These apps now have better security, usability, and stability. We have temporarily broken our practice of releasing all projects with the same version at the same time.</p>' + +Overview +------------------------------------- + +This release gets the award for most improved, with a focused on major overhauls of the Android and Linux Bitmask clients. These apps now have better security, usability, and stability. We have temporarily broken our practice of releasing all projects with the same version at the same time. + +* Bitmask - Android 0.6.0 +* Bitmask - Desktop 0.6.1 +* LEAP Platform 0.5.3 +* Webapp 0.5.3 + +Bitmask Android 0.6.0 +----------------------------------- + +This is a major release for our Android client. It contains a couple of security improvements that inaugurate a series of small but important features that will try to satisfy security minded people. + +The most important security feature added in this release is the openvpn persistent tun integration with our client. Once your device establishes a vpn tunnel, and as long as you keep EIP switch ON, you'll not route any traffic outside the vpn tunnel while the vpn is being established. Other features include earlier autostart launch, prompt to log in if necessary, and man in the middle prevention. + +Regarding bug fixes, we've finally removed the second notification that was annoying some users. The reason of its removal will be soon documented. Apart from that, we've also addressed the Play Store crashes, and some small UI improvements. + +* Download: https://dl.bitmask.net/android +* Changelog: https://github.com/leapcode/bitmask_android/blob/develop/CHANGELOG + + +Bitmask Linux 0.6.1 +----------------------------------- + +This is the new stable version of the Desktop Client after the refactor in which we have separated frontend from backend. This separation paves the way for starting Bitmask during the boot process, and attach the current graphical client afterwards. And maybe even having cli or html5 clients in the near future, the possibilities that it opens are many! + +It also allows us to finally close an annoying bug that was causing high CPU usage when using the client. + +While we were at it, we gave a little face lift to the UI: the provider selection is in a more prominent place now, and some other little interface tweaks made their way into this last release. We hope you enjoy it as much as we do! + +* Download: https://dl.bitmask.net/linux +* Changelog: https://raw.githubusercontent.com/leapcode/bitmask_client/master/CHANGELOG.rst + +LEAP Platform 0.5.3 +----------------------------------- + +This release of the Platform is a minor release, stabilizing further the previous version by only fixing minor, non-disruptive issues. + +* Download: signed 0.5.3 tag: https://leap.se/git/leap_platform.git +* Changelog: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.5.3 +* Known issues: https://leap.se/git/leap_platform.git/blob/HEAD:/README.md + + +LEAP Webapp 0.5.3 +----------------------------------- + +This release of the webapp is also a minor bug fix release, with few changes designed to further stabilize this version. We now enable including custom gems to make customization even more powerful. We also fix corner cases during the account creation and document debugging in production. + +* Download: 0.5.3 tag: https://github.com/leapcode/leap_web/archive/0.5.3.tar.gz +* Changelog: 0.5.3 is tagged for the webapp with a commit message detailing the changes: https://github.com/leapcode/leap_web/releases/tag/0.5.3 diff --git a/pages/about-us/news/2014/repository-key-refresh.html.haml b/pages/about-us/news/2014/repository-key-refresh.html.haml new file mode 100644 index 0000000..14f0ec4 --- /dev/null +++ b/pages/about-us/news/2014/repository-key-refresh.html.haml @@ -0,0 +1,59 @@ +- @title = "Repository Key Refresh" +- @author = 'Elijah' +- @posted_at = "2014-01-14" +- @more = true +- @preview = "We screwed up and let our debian repository key expire. The responsible parties have been punished (no more free back rubs). You have three options to fix it..." + +%p We screwed up and let our debian repository key expire. The responsible parties have been punished (no more free back rubs). You have three options to fix: + +%h3 option 1 - blindly upgrade + +%p You can just ignore the warnings about the packages being unauthenticated. This will upgrade your leap-keyring package, which includes the updated key. This is potentially dangerious and should be avoided. + +%pre + apt-get update --allow-unauthenticated + apt-get upgrade --allow-unauthenticated + +%h3 option 2 - re-add key without checking fingerprint + +%p You can simply re-import the key to your apt keyring. This method is less dangerious, but requires you to trust the certificate authority system (which never a good idea). + +%pre + curl https://dl.bitmask.net/apt.key | apt-key add - + +%h3 option 3 - update the key from keyserver + +%p With this method, we update the key by pulling it from a keyserver and then importing to apt-key. This method is the most secure (so long as you follow all the steps and actually verify the fingerprint). + +%p Find the long key-id of the current LEAP archive signing key: + +%pre + apt-key adv --list-keys --keyid-format 0xLONG + +%p You should see this among the output: + +%pre + pub 4096R/0x1E34A1828E207901 2013-02-06 [expired: 2014-02-06] + uid LEAP archive signing key <sysdev@leap.se> + +%p Now, grab that specific key-id from a keyserver, and verify the fingerprint: + +%pre + gpg --recv-key 0x1E34A1828E207901 + gpg --fingerprint 0x1E34A1828E207901 + +%p You should see this as output: + +:plain + <pre> + pub 4096R/8E207901 2013-02-06 [expires: 2015-02-07] + Key fingerprint = 1E45 3B2C E87B EE2F 7DFE 9966 1E34 A182 8E20 7901 + uid LEAP archive signing key <sysdev@leap.se> + </pre> + +%p Make sure that the fingerprint in this output matches the long key-id you listed with <code>apt-key</code>. Without this step, it would be very easy for an attacker to feed you a bogus key. + +%p Finally, import the key into apt-key: + +%pre + gpg --armor --export 0x1E34A1828E207901 | sudo apt-key add - diff --git a/pages/about-us/news/2015/bitmask-oh-eight.md b/pages/about-us/news/2015/bitmask-oh-eight.md new file mode 100644 index 0000000..20d5405 --- /dev/null +++ b/pages/about-us/news/2015/bitmask-oh-eight.md @@ -0,0 +1,31 @@ +@title = 'Bitmask Desktop v0.8' +@author = 'Ivan' +@posted_at = '2015-02-09' +@more = true +@preview = '<div style="float:left; margin-right: 8px; margin-left: 0;"><img src="/img/pages/bitmask.png"></div><p>Good news everyone! Bitmask for Linux 0.8 has been released. For version 0.8, we focused on fixing bugs and rewriting much of the backend code. There are no new features to try out but if you had some issue bothering you then give this new version a try and tell us how it goes.</p>' + +Good news everyone! Bitmask for Linux 0.8 has been released. + +For version 0.8, we focused on fixing bugs and rewriting much of the backend code. There are no new features to try out but if you had some issue bothering you then give this new version a try and tell us how it goes. + +Upgrading: + +* From bundle: if you are running bundle version 0.7 or new then Bitmask +should update automatically. +* From package: if you have added deb.bitmask.net to your sources.list, +then Bitmask should update automatically (make sure it is not commented +out). + +If you have a bundle version older than 0.7, please download the latest Bitmask bundle. + +This versions includes all the goods that we shipped on previous ones like the Encrypted Internet service (with leak blocker) and Secure Updates. + +Useful links: + +* Install: https://bitmask.net/en/install +* Source: https://leap.se/git/bitmask_client.git +* Changelog: https://github.com/leapcode/bitmask_client/blob/0.8.0/CHANGELOG.rst +* Known issues: https://leap.se/en/docs/client/known-issues +* Compatibility notes: Bitmask 0.8.0 is not compatible with platform versions older than 0.6.0 + + diff --git a/pages/about-us/news/2015/en.haml b/pages/about-us/news/2015/en.haml new file mode 100644 index 0000000..dd6f43e --- /dev/null +++ b/pages/about-us/news/2015/en.haml @@ -0,0 +1,3 @@ +- @path_prefix = '2015' + += child_summaries
\ No newline at end of file diff --git a/pages/about-us/news/en.haml b/pages/about-us/news/en.haml new file mode 100644 index 0000000..480fb17 --- /dev/null +++ b/pages/about-us/news/en.haml @@ -0,0 +1,4 @@ +- @title = 'News' +- @path_prefix = 'news' + += child_summaries levels:2, summary:false, heading:3, order_by: :posted_at
\ No newline at end of file diff --git a/pages/about-us/partners/en.md b/pages/about-us/partners/en.md new file mode 100644 index 0000000..8ff8795 --- /dev/null +++ b/pages/about-us/partners/en.md @@ -0,0 +1,27 @@ +@title = 'Partners' + +## Development partners + +<b><a href="http://thoughtworks.com/">ThoughtWorks</a></b> is a privately owned global software delivery and products company with 2500 employees. ThoughtWorks has hired a team to work on various free software projects related to email security as part of their [[Pixelated Project => https://pixelated-project.org/]]. + +## Financial sponsors + +<b><a href="https://www.opentechfund.org/">Open Technology Fund</a></b> is designed to ensure secure communication tools exist for millions of individuals whose online interactions are being monitored or obstructed by repressive governments. Through support of research, development, and implementation of globally-accessible secure communications, Open Technology Fund champions the goals of Article 19 of the Universal Declaration of Human Rights. + +<b><a href="http://www.hivos.org/">Hivos International</a></b> international development organisation guided by humanist values. Together with local civil society organisations in developing countries, Hivos wants to contribute to a free, fair and sustainable world. A world in which all citizens – both women and men – have equal access to opportunities and resources for development and can participate actively and equally in decision-making processes that determine their lives, their society and their future. + +<b><a href="http://wgf.org/">Wallace Global Fund</a></b> is guided by the vision of the late Henry A. Wallace, former Secretary of Agriculture and Vice-President under Franklin D. Roosevelt. Committed to serving the general welfare, his life exemplified farsightedness, global vision, and receptivity to new ideas. He was keenly interested in scientific innovation as a force to enhance human well-being and had an abiding faith in the individual's spirit and capacity to bring about sound and just social change + +<b><a href="https://pressfreedomfoundation.org/">Press Freedom Foundation</a></b> is a 501(c)3 non-profit organization dedicated to helping support and defend public-interest journalism focused on exposing mismanagement, corruption, and law-breaking in government. We accept tax-deductible donations to a variety of journalism organizations that push for transparency and accountability, and we work to preserve and strengthen the rights guaranteed to the press under the First Amendment. + +<b><a href="https://developers.google.com/open-source/soc/">Google Summer of Code</a></b> is a global program that offers post-secondary student developers ages 18 and older stipends to write code for various open source software projects. We have worked with open source, free software, and technology-related groups to identify and fund projects over a three month period. Since its inception in 2005, the program has brought together over 7,500 successful student participants and over 7,000 mentors from over 100 countries worldwide to produce over 50 million lines of code. + +<b><a href="https://www.accessnow.org/">Access</a></b> defends and extends the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, we fight for open and secure communications for all. + +## Early adopters of the LEAP Platform + +<b><a href="https://www.calyxinstitute.org/">Calyx Institute</a></b> is a research, education and legal support group devoted to researching and implementing privacy technology and tools to promote free speech, free expression, civic engagement and privacy rights on the Internet. Calyx plans to be an early adopter of the [[LEAP platform => platform]]. + +<b><a href="https://riseup.net">Riseup Networks</a></b> is major provider of email, chat, and lists for thousands of activist organizations around the world. Riseup plans to be an early adopter of the [[LEAP platform => platform]]. + +<b><a href="https://oblivia.vc/">Oblivia</a></b> is a new service provider starting up in Brazil. diff --git a/pages/about-us/vision/en.haml b/pages/about-us/vision/en.haml new file mode 100644 index 0000000..bbabc19 --- /dev/null +++ b/pages/about-us/vision/en.haml @@ -0,0 +1,27 @@ +- @nav_title = 'Why we do the things we do' +- @title = 'The Right to Whisper' + +%p LEAP fights for the right to whisper. + +%p Like free speech, the right to whisper is an <b>necessary precondition for a free society</b>. Without it, civil society and political freedom become impossible. As the importance of digital communication for civic participation increases, so does the importance of the ability to digitally whisper. + +%p Unfortunately, advances in surveillance technology are <b>rapidly eroding the ability to whisper</b>. This is a worldwide problem, not simply an issue for people in repressive contexts. Acceptance of poor security in the West creates a global standard of insecure practice, even among civil society actors who urgently need the ability to communicate safely. + +%p The stakes could not be higher. Activists are dying because their communication technologies betray their identity, location, and conversations. When activists attempt to secure their communications, they face confusing software, a dearth of secure providers, and a greater risk of being flagged as potential troublemakers. In other words, <b>problems of usability, availability, and adoption</b>. + +%h1 Our vision + +%p The LEAP vision is to attack these problems of usability, availability, and adoption head on. + +%p + %b To address usability, + we are creating a complete system where the user-facing client software is tightly coupled with the cloud-base components of the system. All our software will be auto-configuring, prevent users from practicing insecure behavior, and primarily limit the configuration options to those moments when the user is placing their trust in another entity. + +%p + %b To address availability, + LEAP will work closely with service providers to adopt our open source, [[automated platform => platform]] for running high-availability [[communication services => services]]. By lowering the barriers of entry to become a reliable provider, we can increase the supply and decrease the cost of secure communications. + +%p + %b To address adoption, + the LEAP platform [[layers higher security => infosec]] on top of existing protocols to allow users a gradual transition path and backward compatibility. Our goal is to create services that are attractive in terms of features, usability, and price for users in both democratic and repressive contexts. + |