1
0
Fork 0
mirror of https://github.com/safing/web synced 2025-04-09 21:49:09 +00:00
safing-web/_publications/2020-07-31-progress-update-july.md
2022-02-24 11:23:37 +01:00

16 KiB

category layout title date author custom_thumbnail_name progress_update cards
blog blog #001 - Progress Update July 2020-07-31 David progress-update true
done in_progress discarded
title description projects team progress
Improve Installation Process
Instead of downloading individual components on first start-up, download them during the installation process.
Portmaster
Patrick
type text
h5 Smoother Installation Is Here
type text
p It was slightly confusing to install a software which did the "proper" installation at its first start up. Next to correctly moving this process into the real installation, while at it, Patrick decided to refactor a lot of related code to further smoothen the process. We're happy with the results.
title description projects team progress
CI & Arch Installer
Package the Portmaster for Arch Linux.
While at it implement Continuous Integration via Github Actions to automatically test all future installs on Windows, Debian & Arch.
Portmaster
Patrick
type text
h5 All Went Well
type text
p Through this project Patrick got to tinker around with Github Actions for the first time, which he really enjoyed. Having completed this task not only helps distributing to Arch users, but will also help the stability of all future Portmaster builds.
type text
h5 More Security As A Side Effect
type text
p While tackling the installer for the second Linux distribution Arch, Patrick pointed out the opt-in security of their service files. Without defining restrictions, an app like the Portmaster gets root access, so when a malicious actor takes over the Portmaster it would give him the tools to take over the whole system. As a result we defined strict rules so the Portmaster only gets read access for most of the system.
type href text
a https://github.com/safing/portmaster-packaging/blob/master/linux/portmaster.service Look at the service config
title description link projects team progress
Funding Proposals
Request different grants to help us out financially with all the research & development still ahead of us.
Apply follow up fundings both from the Netidee and the FFG.
text url
More on Transparent Funding... /ownership/#finances
Back Office
Tabitha
Raphael
type text
h5 FFG Proposal Was 32 Pages Long
type text
p Applying for grants takes a lot of work. We defined 14 R&D goals for the coming year. This time the proposal was extra tricky since we decided to write it in German. Most of our previous applications were written in English, so this time translating texts was also part of the work load. But we are happy we could wrap this up. Result coming in September.
type text
h5 Netidee Application Submitted Too
type text
p Safing started out with a funding from Netidee four years ago, so applying for another grant felt special. The extent of the defined work packages are smaller compared to the FFG, so it did not take as long.
title description projects team progress
SPN Pre-Alpha
Deploy the SPN in v0.1. Give access to Marvin and Visionary Kickstarter backers.
Communicate that this is only the first step and that it will take a few weeks or months until the network is stable enough to support hundreds/thousands of users.
SPN
Daniel
Patrick
type text
h5 Three Major Refactors Made Us Slower But More Secure
type text
p Since our SPN proof of concept back in 2018, three major events resulted in making the final product more secure and stable, but also increased our workload:
type lis
ol
the external code audit of our cryptographic library Jess by Cure53 gave valuable technical advice how to further tighten this aspect
the decision to split the gossiping between network nodes into two levels of communication
the Portmaster has matured a lot since its release back in April, resulting in a lot of code-refactors on the client side
type text
h5 Code Audit By Cure53
type text
p Back in January we paid some of the best in the field to audit our cryptographic library. Their insight and expertise challenged us, in a very good way. The foundation was solid, but it was clear we could improve things here and there. During these months, we could progress our cryptography library into what it is now. This module is complete, but also added workload to the timeline.
type text href
a View Cure53's audit report https://cure53.de/pentest-report_safing-jess.pdf
type
br
type text href
a Inspect the code of Jess, our cryptography library https://github.com/Safing/jess
type text
h5 Refactoring The Gossiping
type text
p Instead of sending all data from servers to clients, we decided to split the messages into a "big message" and a "small message". The big message is sent on setup and contains the servers public key and lots of meta-data. The small message contains the servers active links to other nodes and its most current ephemeral keys (for 0-RTT perfect forward & backward secrecy connections). The small message will communicate with clients regularly while the big message will be sent less frequent to prevent unnecessary communication. Naturally, this resulted in a big refactor and a delay in timeline.
type text
p This module is nearly done as well, just a few polishes here and there as well as some more integration tests are needed to wrap this up.
type text href
a View the Pull Request of this refactor https://github.com/safing/spn/pull/1
type text
h5 Last Piece of the Puzzle: Client Side Integration
type text
p The Portmaster has matured a lot in the last few months, hence this also changed a few components which intercept and resolve network connections. This is the final module we are currently working on until the first testers can join the network. We are so close, but sadly not there yet. Expect the full SPN engine to start very shortly.
title description projects team progress
Safing API
Enable you to sign in to your Safing account on the Portmaster client via the Safing API. Also respond with details regarding your SPN subscription.
Implement device management so you can sign out of devices from the Safing website.
SPN
Portmaster
Website
David
Daniel
type text
h5 We Completed the Server Part
type text
p The Safing API has come very far. It actually already is online, signing in valid users and responding with information on each users SPN subscription status. Setting the API up securely took quite a lot of planning, but we are happy about the result.
type text
h5 Designs Are Done Too
type text
p Now in the Portmaster part, we both need to provide an interface where you can log in to the SPN and where it displays your current account status. The designs for this have also been completed by Luke.
type text
h5 What is Missing is The Client Side
type text
p The only puzzle piece missing is the frontend implementation, meaning the Portmaster UI actually showing the designs and making the API calls. This project is nearing its completion, so stay tuned!
title description projects team progress
IntelHub
Create a service that aggregates filterlists, updates this intelligence frequently and distributes it to Portmaster clients so they do not have to do this resource heavy work themselves.
Also aggregate and distribute GeoIP data so the SPN module can calculate up-to-date Internet routes for its circuits.
Portmaster
Patrick
type text
h5 Watching Filter List Repos
type text
p Next to providing aggregated filter lists to the privacy filter module of the Portmaster, we added a feature to the IntelHub so it watches the different list repositories. With this, we will constantly be informed about ongoing changes and be able to quickly inform our users about any impactful changes.
type text
h5 GeoIP Data is Being Aggregated
type text
p The second big part of this work package is to collect and sort GeoIP data so the Portmaster can properly build SPN circuits locally. If you are pinging a server in Europe it would be ineffective to exit the SPN in Asia. Hence, your client needs this data to calculate efficient routes. This data is already being gathered from many different resources and takes our server up to 16 GB of memory when performing an update.
type text
h5 Polishing Things Up
type text
p All in all, Patrick is making great progress and this project is nearing its completion. It just needs a few improvements here and there to then be fully deployed. Expect this to be out soon.
title description projects team progress
Portscan Detection Detect and block malicious actors trying to expose vulnerabilities by scanning through all networking ports on your device. Research thoroughly to prevent false positives.
Portmaster
Daniel
Thomas (Intern)
type text
h5 Lots of Research Went Into This
type text
p Although this is a cool feature, it could potentially lead to unwanted side effects. Investigating the impact of this module in a vastness of potential edge cases was the first part we tackled before writing a single line of code.
type text
h5 Related Bugs Were Found While Implementing
type text
p When starting to implement the Portscan, we found several related bugs in the Portmaster. Even though these delayed progress in this work package, it was super helpful to further mature the Portmaster overall.
title description projects team progress
Portmaster Documentation
You can see our high level concepts & you can inspect our code. But nothing in between.
Fill that gap by providing proper documentation of the Portmaster. What does each component do? With what other components does it interact? Where is its code located?
Portmaster
Website
David
Patrick
Daniel
type text
h5 Goals Are Specified, Texting Will Start Soon
type text
p Since the roadmap was prioritized not much could be done in this field. But since this project is near and dear to us, David will soon fully focus on getting these texts out of the door.
title description projects team progress
Administration Interface
Enable admins to easily accept cash payments, manage refunds or suspend rogue users.
Also provide some basic insights on signups, payments, survey results, etc...
Website
Alex
Raphael (Intern)
type text
h5 Planning Done, Implementation Pushing Forward
type text
p Having started this in July, we started off with planning & specifying this feature. After that was done Alex moved on to its implementation and already made great progress, soon to be reviewed and polished. This project also gave one of our summer interns the possibility to take part and experience a feature development cycle right from the start.
title description projects team progress
Next Page & Backlog
Properly communicate what we currently are working on so you know what to expect from us in the nearer future.
Also provide a backlog to acknowledge everything that needs to be done further down the road. Encourage participation so you can easily let us know where we might need to adapt or what we might have missed in the bigger picture.
Website
Community
Luke
David
type text
h5 Next Page And Progress Update Blog Are Done
type text
p Many have come to ask what we are up to and what our plans for the future are. And previously, we communicated deadlines and got into a bunch of uncomfortable situations. But the alternative of just NOT communicating anything is lame too, and certainly nothing we stand for. Both David and Luke ping ponged a lot of ideas until we came up with this approach - hopefully you dig it as much as we do!
type text
h5 A Lot More Coming Up in the Backlog
type text
p This is the first step of two, since we also want to share all about our work packages lined up further down the road. What features will be added to the SPN, the Portmaster, etc.. Well, we want to tell you, so we are working on it.
title description projects team progress
Redesign account.safing.io
When visiting https://account.safing.io/ to manage your Safing account, the design clearly breaks from the main website.
Unify these designs so you get a more wholesome web experience.
Website
Luke
type text
h5 It Just Started
type text
p This project is fairly new, so not too much could be achieved. The goal is to have a unified design both for the main website and the account part of the website. Luke already started out with some early design concepts.
title description projects team progress
Inception: Reaching Out
As the SPN will soon see the light of day, the time has come to spread the word, also by spending money.
Reach out to YouTube channels and newsletters in the privacy scene who offer sponsored shout-outs.
You are very welcome to give us suggestions in this context!
Marketing
Raphael
Tabitha
type text
h5 Slots Have Been Booked
type text
p We are happy to already have contacted a few folks where we could book some of their sponsorship slots. Also, some local partners reached out to help us out with marketing opportunities. We will not disclose what will come of it just yet, only after the fact. But next month's update will certainly include more information.
type text
h5 It's an Evergoing Process
type text
p Naturally, we will not be done after a few marketing gigs, which is why we are still on the look-out for further opportunities to spread the word.
type text href
a Let us know if you have any ideas on reddit https://reddit.com/r/safing/

{% include progress-update-tablecards.html %}