From 01c79bab6aa9629eabcb5ff8599e257a1af3a9eb Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 27 Apr 2018 19:32:38 -0300 Subject: Add blog post for improved data sync --- pages/about-us/news/2018/improved-data-sync.md | 64 +++++++++++++++++++++++++ pages/img/pages/mozz/ascii.png | Bin 0 -> 38505 bytes 2 files changed, 64 insertions(+) create mode 100644 pages/about-us/news/2018/improved-data-sync.md create mode 100644 pages/img/pages/mozz/ascii.png diff --git a/pages/about-us/news/2018/improved-data-sync.md b/pages/about-us/news/2018/improved-data-sync.md new file mode 100644 index 0000000..ebf94df --- /dev/null +++ b/pages/about-us/news/2018/improved-data-sync.md @@ -0,0 +1,64 @@ +@title = 'Improved data synchronization' +@author = 'drebs' +@posted_at = '2018-04-27' +@more = true +@preview_image = '/img/pages/mozz/ascii.png' + +Last year, LEAP [was awarded a grant from the Mozilla Open Source Support +program](https://leap.se/en/about-us/news/2017/mozilla-thanks) to [improve its +encrypted email +system](https://leap.se/en/about-us/news/2017/perf-improvements-soledad). We +would like to share with you some of the work that has been done as a result of +that, and also thank Mozilla for its initiative. + +The general idea was to implement separation of data and metadata for encrypted +email storage and synchronization. That would allow for two fundamental +improvements: a better user experience (because the list of email messages +would then be able to be loaded before the actual contents of the messages), +and a better usage of systems resources (encrypted messages were previously +being treated as plaintext strings and thus consumed lots of unneeded memory +and cpu). + +The [roadmap](https://0xacab.org/leap/soledad/wikis/2017-roadmap) included the +creation of a platorm to assess the performance impacts of proposed changes, +the actual implementation of the separation of data and metadata during +synchronization, and some specific performance and scalability improvements of +the sync server implementation. + +The live benchmarking platform that was created proved to be very useful to fix +pre-existing performance issues and avoid unexpected performance bugs +introduced during development. A CI environment was used to run performance +test code for every commit made in the repository, and created graphs for +resource consumption (time taken, and amount of memory and cpu used during +execution). The quality of decisions made during development and the resulting +code were improved by having a live performance-wise feedback about proposed +changes. + +As for data and metadata separation, changes to +[Soledad](https://leap.se/soledad) were made so that encrypted blobs can now be +delivered by external aplications directly to the user's database. The main use +case for this is for delivery of incoming email. LEAP's architecture is built +so that unencrypted email messages get encrypted before being delivered to the +user's mailbox. Metadata will soon be synchronized to the user's device, and +the user will be able to see the information associated with the message +(origin, date, subject, etc). But the actual content of the message will only +be downloaded and decrypted on demand, when the user clicks to read the +message. + +Other than those major developments, the MOSS grant has also alllowed us to +experiment with multiple possibilities of performance improvements, as for +example server parallelization, usage of different asynchronous libraries, +Python 3 comparison, usage of proxies for load balancing, among others. + +We very much appreciate the support from Mozilla that has allowed for +concentrated focus on Soledad. The work done within this contract has allowed +for the creation of a system to handle encryption and transfer of binary data, +leading to a much faster and scalable email solution. The critical +implementation of a benchmarking system produced clear data to find +bottlenecks, drive development, and allow for targeted changes to increase +speed and scalability of data encryption and transfer chain. + +LEAP looks forward to applying that work to Bitmask Mail where end users will +reap the benefits. Development of this new blobs system and its future +integration with Bitmask Mail will be a critical step in bringing easy to +deploy truly secure email to a mass market. diff --git a/pages/img/pages/mozz/ascii.png b/pages/img/pages/mozz/ascii.png new file mode 100644 index 0000000..a613848 Binary files /dev/null and b/pages/img/pages/mozz/ascii.png differ -- cgit v1.2.3 From 0609fa3f7a28a42795b7a5a9bb2d17988ca2ff57 Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 27 Apr 2018 19:59:47 -0300 Subject: Add en.haml page for 2018 news --- pages/about-us/news/2018/en.haml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 pages/about-us/news/2018/en.haml diff --git a/pages/about-us/news/2018/en.haml b/pages/about-us/news/2018/en.haml new file mode 100644 index 0000000..7127c76 --- /dev/null +++ b/pages/about-us/news/2018/en.haml @@ -0,0 +1,2 @@ +- @path_prefix = '2018' += child_summaries :order_by => :posted_at -- cgit v1.2.3 From 6e4a9726bcc2b1fa107c9afb39c7e477ee4c0b76 Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 27 Apr 2018 20:08:10 -0300 Subject: Add 2018 news to the menu --- amber/menu.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/amber/menu.txt b/amber/menu.txt index ef48b2c..5cb38fc 100644 --- a/amber/menu.txt +++ b/amber/menu.txt @@ -6,6 +6,7 @@ about-us # people contact news + 2018 2017 2016 2015 -- cgit v1.2.3 From 74fdd75a271e1b1a45cf6201197b49244c46399f Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Thu, 3 May 2018 19:16:35 +0200 Subject: Add pizzigati prize blog post --- pages/about-us/news/2018/pizzigati-price.md | 10 ++++++++++ pages/img/pages/tides_logo.png | Bin 0 -> 42308 bytes 2 files changed, 10 insertions(+) create mode 100644 pages/about-us/news/2018/pizzigati-price.md create mode 100644 pages/img/pages/tides_logo.png diff --git a/pages/about-us/news/2018/pizzigati-price.md b/pages/about-us/news/2018/pizzigati-price.md new file mode 100644 index 0000000..eea7001 --- /dev/null +++ b/pages/about-us/news/2018/pizzigati-price.md @@ -0,0 +1,10 @@ +@title = 'LEAP member received the 2018 Pizzigati Prize' +@author = 'isydor' +@posted_at = '2018-05-03' +@more = false +@preview_image = '/img/pages/tides_logo.png' + +We are proud that [Tides](https://www.tides.org/) awarded LEAP +member Andre Bianchi the [2018 Pizzigati +Prize](https://www.tides.org/accelerating-social-change/2018-pizzigati-prize-andre-bianchi/). Thank you a lot for this recognition of the work done to make it +possible to freely communicate digitally and to support social change! diff --git a/pages/img/pages/tides_logo.png b/pages/img/pages/tides_logo.png new file mode 100644 index 0000000..1d16d55 Binary files /dev/null and b/pages/img/pages/tides_logo.png differ -- cgit v1.2.3 From eb5022e357abc2ad146d9243805a78e7f2921676 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Thu, 2 Aug 2018 18:28:57 +0200 Subject: adding bionic packages --- pages/about-us/news/2018/bionic-packages.md | 20 ++++++++++++++++++++ pages/img/pages/bionic.png | Bin 0 -> 315570 bytes 2 files changed, 20 insertions(+) create mode 100644 pages/about-us/news/2018/bionic-packages.md create mode 100644 pages/img/pages/bionic.png diff --git a/pages/about-us/news/2018/bionic-packages.md b/pages/about-us/news/2018/bionic-packages.md new file mode 100644 index 0000000..7d8e9c6 --- /dev/null +++ b/pages/about-us/news/2018/bionic-packages.md @@ -0,0 +1,20 @@ +@title = 'Maintenance release: Bionic packages and long term evolution' +@author = 'kwadronaut' +@posted_at = '2018-07-26' +@more = true +@preview_image = '/img/pages/bionic.png' + + +Update from the coagulated brains in LEAP +---------------------------------------------------------------------------------------------------- + +Mid july we released packages as a maintanance release with support for Ubuntu 18.04 (Bionic). For install instructions check out https://dl.bitmask.net/linux/ +The bundles however have not been updated, our plan is to deprecate them and migrate to [Snap-packages](https://en.wikipedia.org/wiki/Snappy_\(package_manager\) ), which will take some time. As usual bug reports and feedback is very welcome. + +If you want to follow developments or experiment with those Snap packages, you can find an experimental one tailored for Riseup at [snapcraft](https://snapcraft.io/riseup-vpn), they've written a nice how-to as well: + +We're expanding now as well and are building a Windows installer, it's working pretty smooth, but still lacks a good firewall, we're looking forward to the near future to announce this more broadly. + +* Code & Bugtracker: https://0xacab.org/leap +* Mailinglist: leap-discuss@lists.riseup.net +* Chat: ircs://irc.freenode.org/#leap if you don't have an irc client, you can use some gateway like [Matrix](https://about.riot.im/) diff --git a/pages/img/pages/bionic.png b/pages/img/pages/bionic.png new file mode 100644 index 0000000..842019a Binary files /dev/null and b/pages/img/pages/bionic.png differ -- cgit v1.2.3 From cf39cd89d016f1bbb7f66d1f4242f3f38aa496d9 Mon Sep 17 00:00:00 2001 From: Victor De Gouveia Date: Wed, 30 May 2018 00:54:03 +0100 Subject: Improve Bonafide documentation --- pages/docs/design/bonafide.text | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/pages/docs/design/bonafide.text b/pages/docs/design/bonafide.text index 693bba6..df43b57 100644 --- a/pages/docs/design/bonafide.text +++ b/pages/docs/design/bonafide.text @@ -12,15 +12,15 @@ Bonafide is a protocol that allows a user agent to communicate with a service pr * Authenticate with a provider. * Destroy a user account. -Bonafide user SRP (Secure Remote Password) for password-based authentication. +Bonafide uses SRP (Secure Remote Password) for password-based authentication. h1. Definitions -*DOMAIN* is the primary domain of the provider. This specified by the user when they enter what provider they want to sign up with. +*DOMAIN* is the primary domain of the provider. This is specified by the user when they enter which provider they want to sign up with. *API_BASE* is the root URL of all the API calls. This is constructed from @api_uri/api_version@, where @api_url@ and @api_version@ are values found in the @provider.json@ file. -*ca.crt* is used to denote the provider's self-signed Certificate Authority certificate used to sign all the provider's server certificates, except for DOMAIN which uses a commercial Certificate Authority. +*ca.crt* is used to denote the provider's self-signed Certificate Authority certificate, which is used to sign all of the provider's server certificates, except for DOMAIN which uses a commercial Certificate Authority. *ca_cert_uri* is the special URL that specifies where to download the provider's CA certificate (@ca.crt@). The value for @ca_cert_uri@ is found in @provider.json@. @@ -34,7 +34,7 @@ h2. JSON files h3. GET DOMAIN/provider.json -The @provider.json@ file includes basic information about a provider. The URL for provider.json is always the same for all providers (`http://DOMAIN/provider.json`). This is the basic 'bootstrap' file that informs the user agent what URLs to use for the other actions. +The @provider.json@ file includes basic information about a provider. The URL for @provider.json is always the same for all providers (`http://DOMAIN/provider.json`). This is the basic 'bootstrap' file that informs the user agent what URLs to use for the other actions. This request MUST be made no more than ONCE. All subsequent requests to update @provider.json@ must be made to @GET API_BASE/provider.json@. @@ -104,7 +104,7 @@ h1. REST API h2. Version -The API_BASE for the webapp API is constructed from 'api_uri' and 'api_version' from provider.json. +The API_BASE for the webapp API is constructed from @api_uri@ and @api_version@ from provider.json. For example, given this in provider.json: @@ -123,7 +123,7 @@ h2. Session h3. Handshake -Starts authentication process (values A and B are part of the two step SRP authentication process). +The handshake starts the authentication process between a client and a provider. In the following example, values A and B are part of the two-step SRP authentication process. @@ -141,7 +141,7 @@ Starts authentication process (values A and B are part of the two step SRP authe
-If the query_params leave out the @A@, then no @B@ will be included and only the salt for the given login send out: +If the query_params leaves out the @A@ parameter, then no @B@ parameter will be included in the response and only the salt for the given login will be sent in the reply. @@ -161,7 +161,7 @@ If the query_params leave out the @A@, then no @B@ will be included and only the h3. Authenticate -Finishes authentication handshake, after which the user is successfully authenticated (assuming no errors). This needs to be run after the Handshake. +Finishes the authentication handshake, after which the user will be successfully authenticated assuming there were no errors in the process. This needs to be run after the Handshake.
@@ -193,7 +193,9 @@ Variables: h3. Token Authentication -Tokens returned by the authentication request are used to authenticate further requests to the API and stored as a Hash in the couch database. Soledad directly queries the couch database to ensure the authentication of a user. It compares a hash of the token to the one stored in the database. Hashing prevents timing attacks. +Tokens returned by the authentication request are used to authenticate further requests to the API, and are stored as a hash in the Couch database. + +Soledad ([[https://leap.se/en/docs/design/soledad]]) directly queries the couch database to ensure the authentication of a user. It compares a hash of the token to the one stored in the database. Hashing prevents timing attacks. h3. Logout @@ -219,7 +221,7 @@ h2. User Certificates h3. Get a VPN client certificate -The client certificate will be a "free" cert unless client is authenticated. This certificate includes no identifying information that associates it with the user. Depending on the service level of the user, the certificate may have a common name that indicates that the certificate is valid for rate limited or unlimited bandwidth. +The client certificate will be a "free" certificate unless the requesting client is authenticated. This certificate includes no identifying information that associates it with the user. Depending on the service level of the user, the certificate may have a common name that indicates that the certificate is valid for rate limited or unlimited bandwidth.
@@ -235,9 +237,9 @@ The client certificate will be a "free" cert unless client is authenticated. Thi The response also includes the corresponding private key. -h3. Get a SMTP client certificate +h3. Get an SMTP client certificate -The client certificate will include the user's email address and the fingerprint will be stored with the users identity and the date it was created. This is so that a provider can shut down a user's account if it is sending large amounts of Spam. Authentication is required. +The client certificate will include the user's email address and the fingerprint will be stored with the identity of the user as well as the date it was created. This is so that a provider can shut down a user's account if it is sending large amounts of spam. Authentication is required in order to receive an SMTP client certificate.
@@ -277,7 +279,7 @@ Create a new user. h3. Update user record -Update information about the user. Requires Authentication. +Update information about the user. Requires authentication.
@@ -324,4 +326,4 @@ Changes that should be made for future versions: * Actually, lets change the name of provider.json to something else. It is confusing, since there is a different provider.json that the sysadmins edit. We could call the bonafide one 'provider-information.json' or something. * There should be support for multiple CA certificates. * Unify the file format for specifying servers. Currently, different service configs use different formats. -* Add JSON schema. \ No newline at end of file +* Add JSON schema. -- cgit v1.2.3