aboutsummaryrefslogtreecommitdiff
path: root/template/dev_pages/t3sserakt.html.j2
diff options
context:
space:
mode:
Diffstat (limited to 'template/dev_pages/t3sserakt.html.j2')
-rw-r--r--template/dev_pages/t3sserakt.html.j2136
1 files changed, 136 insertions, 0 deletions
diff --git a/template/dev_pages/t3sserakt.html.j2 b/template/dev_pages/t3sserakt.html.j2
new file mode 100644
index 00000000..73647b9a
--- /dev/null
+++ b/template/dev_pages/t3sserakt.html.j2
@@ -0,0 +1,136 @@
1{% extends "common/base.j2" %}
2{% block body_content %}
3<!-- Jumbotron -->
4<div>
5 <div class="container">
6 <div class="row">
7 <div class="container text-center">
8 <h1>{{ _("Developer page: t3sserakt") }}</h1>
9 </div>
10 </div>
11
12 <div class="container text-center">
13 <img src="{{ url_static('images/t3sserakt.jpg') }}" alt="t3sserakt" />
14 </div>
15 </div>
16</div>
17<div class="container-fluid greybox">
18 <div class="container">
19 <div class="row">
20 <div class="col-lg-2"></div>
21 <div class="col-lg-6">
22 <section>
23 <h2>{{ _("Current Work") }}</h2>
24 <p>
25 {% trans %}
26 At the moment I am working on Transport Next Generation (TNG). The current GNUnet TRANSPORT architecture with its pluggable transport mechanism (TCP, UDP, HTTP(S) and other protocols) together with the ATS subsystem for bandwidth allocation and choosing plugins has several issues with its design. With the Layer-2-Overlay project we like to implement the design goals of the future GNUnet TRANSPORT Next Generation (TNG) subsystem. For details have a look on the <a href="https://www.gnunet.org/en/l2o/">project page</a>.
27 {% endtrans %}
28 </p>
29 </section>
30 </div>
31 </div>
32 </div>
33</div>
34<div class="container-fluid">
35 <div class="container">
36 <div class="row">
37 <div class="col-lg-2"></div>
38 <div class="col-lg-6">
39 <section>
40 <h2>{{ _("Future Work") }}</h2>
41 <p>
42 {% trans %}
43 The next project I will work on is named "Probabilistic NAT Traversal".
44 {% endtrans %}
45 </p>
46 <p>
47 {% trans %}
48 Today consumer devices are behind a NAT quite often, restricting internet connectivity. There are several methods to reach peers being
49behind a NAT, but there are as many reasons those existing methods might fail. We will implement a new way of NAT traversal that we
50think of being independent from the existing network configuration, and does not require a third party which is not natted helping two
51peers to connect to each other. Two peers trying to connect to each other will send out a burst of connection attempts to the other peer on
52different ports. The sheer vast amount of connections attempts from both side will lead to a high probability that two connection attempts
53from both peers onto the same port will be at the same time leading to a successful connection between those peers.
54 {% endtrans %}
55 </p>
56 <p>
57 {% trans %}
58 There are two problems a NAT traversal method has to solve. First there needs to be a method to know the global IP address of a peer A
59another peer B wants to connect to. Second – because inbound connections from the outside are blocked by the NAT firewall of peer A,
60peer A needs to be informed of a connection attempt by peer B. The most common solution for both problems is to have a third party C
61which is not behind a NAT. This third party C obviously knows the global IP address of natted peers, after peer A is trying to connect to
62C. Peer B tells C it likes to connect to peer A, and C informs A about it. Using this method for a privacy preserving network like GNUnet,
63this could facilitate eclipse attacks (isolating a peer) which then can be used for deanonymization attacks and cencorship. Also any
64additional infrastructure needed to provide some kind of functionality has to be maintained by someone, becoming a target and/or point of
65failure. Therefore this method is not suitable. More sophisticated methods like "Autonomous NAT Traversal (pwnat)" using ICMP fake
66message, which do not need a third party for the initiation of the connection, are not successful in all circumstances, because this method
67depend on the behavior of the NAT firewall.
68 {% endtrans %}
69 </p>
70 <p>
71 {% trans %}
72 If two natted peers are using the method to start a burst of connection attempts, this method still needs the global IP of the other peer and a “start signal” to coordinate. In the NGI Assure project L2O we are establishing a backchannel with neighbourhood routing over an ad-
73hoc distance vector protocol to solve the problem of not directly connected peers. The peers serving as hops to a distant peer which are a
74direct neighbour of the start or end peer on that path do know the global IP address of the start or end peer. If those two peers like to use
75the burst method for hole punching the global IP address is known. Via the distance vector protocol we are also able to communicate the
76"start signal". Also in the L2O project we introduced a new test framework for GNUnet to test network setups with peers having
77restricted connectivity. This test framework will be used to create test setups suitable to test possible NAT configurations. A challenge for
78this NAT traversal method will be how to handle the burst in terms of network load, thus we need to experiment with different
79frequencies and the amount of connection attempts.
80 {% endtrans %}
81 </p>
82 </section>
83 </div>
84 </div>
85 </div>
86</div>
87<div class="container-fluid greybox">
88 <div class="container">
89 <div class="row">
90 <div class="col-lg-2"></div>
91 <div class="col-lg-6">
92 <section>
93 <h2>{{ _("Past Work") }}</h2>
94 <p>
95 {% trans %}
96 In the past I have tried to help making the vision of the <a href="http://secushare.org">secushare</a> project a reality. To achieve this the GNUnet framework was the perfect match for a solution to fullfill the privacy preserving part of that vision, and we could concentrate to build a tool for social communication that deserves its name. While trying to use GNUnet, we found and fixed bugs. For example there was one <a href="https://bugs.gnunet.org/view.php?id=5822">bug</a> in CADET which prevented the re-establishment of a connection after a communication partner suddenly stopped communicating. From our perspective there is no alternativ to GNUnet, which led us to first bring the parts of GNUnet needed by secushare to a state that they can be used prouctively.
97 {% endtrans %}
98 </p>
99 </section>
100 </div>
101 </div>
102 </div>
103</div>
104<div class="container-fluid">
105 <div class="container">
106 <div class="row">
107 <div class="col-lg-2"></div>
108 <div class="col-lg-6">
109 <section>
110 <h2>{{ _("Contact Information") }}</h2>
111 <p>
112 <div class="container">
113 <div class="row">
114 <div class="col-lg-2">Mail:</div>
115 <div class="col-lg-6">t3sserakt@gnunet.org</div>
116 </div>
117 <div class="row">
118 <div class="col-lg-2">Mastodon:</div>
119 <div class="col-lg-6">@t3sserakt@social.tchncs.de</div>
120 </div>
121 <div class="row">
122 <div class="col-lg-2">Matrix:</div>
123 <div class="col-lg-6">@t3sserakt:tchncs.de</div>
124 </div>
125 <div class="row">
126 <div class="col-lg-2">PGP:</div>
127 <div class="col-lg-6"><a href="https://keyoxide.org/hkp/34156165BAC792A688C990CFC9A2D9D808FF308D">keyoxide</a></div>
128 </div>
129 </div>
130 </p>
131 </section>
132 </div>
133 </div>
134 </div>
135</div>
136{% endblock body_content %}