Wednesday, February 27, 2013

Developer Wiki, Github, and Bug Tracker

I'm gearing up to make this a real, collaborative, open-source project. The following resources should be helpful if you want to work on belnet:

Friday, February 1, 2013

Alpha Release 0.784

INSTALLATION INSTRUCTIONS 

  • navigate to one of the nodes in the node list
    • your browser will warn you about a missing certificate. This is normal for belnet.
    • you will also need to enter a username and password.
    • username: user
      password: turtyeah
  • click 'install now'
    • follow the instructions to install your brand new node
  • if you are feeling adventurous, read the previous post about security practices. (note: I have not yet published md5 hashes for the distribution files, for now you can trust things as they are so new)

Tuesday, January 29, 2013

Automatic Node List

Hopefully, we can have an automated list of all the active nodes on here now..  testing this out..

Friday, January 25, 2013

Alpha Release

Hey, so, if you just got here and you are wondering what to do:

 - navigate to one of the nodes in the node list
 - click 'install now'
 - if you are feeling adventurous, read the previous post about security practices. (note: I have not yet published md5 hashes for the distribution files, for now you can trust things as they are so new)
 - follow the instructions to install your brand new node.


username: user
password: turtyeah








Sunday, September 9, 2012

Security Information

Ok, so, I don't want to release this beast into the wild until I can mitigate and/or rationalize the security risks that may come along with it. The most important aspect of that is to make sure that users understand a little bit about how the system works and what the issues are. So I'll take the time to explain how security works on belnet and what you have to be careful about in two different cases:

  1. You browse the network and download files.
    • This is pretty much like anywhere else on the internet. Don't open programs you don't trust, and virus scan them first if you really must. The basic safety rules apply here but you don't really have anything extra to worry about. 
  2.  You want to run your own node.
    • This is the fun part, where you actually have to learn a little bit about computer security. There are three main concepts here. I'll give you the bad news first in 1, which requires your attention, followed by the good in 2 and 3, which should be re-assuring.
    1.  belnet is an open, distributed network. That means that any person on the network can change what that their node serves. Therefore this site is the only fully trusted source of information about belnet. If you read a scary warning or plea to install something on a node, please report it to belnetstatus@gmail.com immediately; all legitimate news and updates will be posted/verified through this site. Also, when you download a distribution from another node, it could have been tampered with. In order to ensure that the distribution is legit, you MUST verify its digital fingerprint or "hash" with one of the hashes listed on this site.
      •  Google "how to md5 file on _____" <--- your operating system here
      •  Follow the instructions given, and apply the process to your belnet_distro.zip file.
      •  Make sure that the result you get is listed somewhere on this page. 
    2. belnet is based on Apache Server and MySQL. These are industry standard technologies which have been battle-tested against legions of hackers and barely ever fail these days. While it is true that by hosting a node, you are allowing users to upload files to your computer, they can only upload files to your shared folder, and they cannot cause anything to run on your computer. So, they can upload a virus to your computer, but the virus would either be defended by Apache's bomb-proof security, or it would lie lifeless on your hard drive until you open it. So, the age-old rule still holds: you should be safe if you don't get tricked or run sketchy programs.
    3. belnet can be considered a darknet. That means that it is not visible or accessible from the greater internet. So, no matter how much lobbying / spying the movie and music industry fat cats do, they won't find you here. Same with the U.S. government. So belnet is a place where you can post copyrighted or sensitive information without worrying about legal threats. All traffic between nodes is encrypted, and access to nodes is password protected, so from the college's perspective, all they see is encrypted data being interchanged, nothing more. So, assuming that the web of trust (people who know the password) stays intact, the network is truly secure.