1) Still in the same apartment (a mile from the office)

2) Still happily employed at the same employer (it’s been over a year now)

3) Still working away as co founder and CTO of the Free Network Foundation. This is my only personal project at this time, and it’s a second full time job!

I see my last post was a task list. How did I do?

1) FNF NOC is operational in Kansas City. You can read about that at this FNF blog post.

2) FNF lab is built and on standby to be shipped to Kansas City. The wifi related gear (used for continuous integration) will remain here. You can read the details in this mailing list post. The lab turned out a bit different then envisioned in my last post, but over all it’s pretty similar. All of the same applications will be deployed. Just that some are now in a production instance, some are in KC, some are in ATX.

3)  I’ve yet to root my Android phone. However I have a G1 and a MyTouch3g which will be getting rooted in the near future.

4) One time passwords and token security hardening. This is finally getting under way. It’s now called FreedomTunnel.

(I’ve branded my various personal projects as FNF initiatives, and now a lot of them are moving forward under the auspices of the FNF). It’s really great to find folks who share my passion, and want to see us succeed.

5) Disaster recovery. We are deploying a backup server in Dallas which will mirror the one in KC.

It’s been a very exciting year so far!

2) Finish FNF lab setup

Dev box tasks: ( this will be used for all my security research, financial modeling etc). It will also monitor my production system in the colo (via AlienVault)

1) Setup smartmon/smartd monitoring/alerting
2) setup LXC
3) Setup Alienvault LXC instance
4) Setup GNS3
5) Setup Marketcetera
6) Setup uDig
7) Setup kismet IDS
Setup snort
9) Setup clamav
10) Setup osiris
11) Setup logwatch
12) Setup root e-mail forwarding
13) Setup vlans
14) Setup openvas
15) Setup warvox
16)  install GPU SDK/drivers/tools etc

3) Root android phone so I can use it for Serval development and other fun things

So what are the outstanding tasks to finish the reference implementation?

Phase 1: FreedomNode and FreedomLink work

Monitoring/alerting:

I have good coverage of all my prod systems at a basic level, but need to add more detail. Development/research is in a very early state, with almost no coverage. Currently using sureping.com for external monitoring of various production systems/services (apache/smtp etc) and this is working quite well. Internally I’m using opsview to monitor all of my systems (production and development). I also get traffic graphs etc.

Netflow exports to NTOP

MRTG via opsview

RANCID

Planned items: Network traffic visualization (snort/snorby/sguil/secviz.org tools)

Network Security:

• LDAP
• Kerberos
• RADIUS
• PacketFence
• One Time Password System

• Setup security test bed system
  • Setup OpenVAS
  • Setup Metasploit
  • Setup Nessus
  • Setup armitage
  • Setup various other pentest tools etc (network hacking, ssl, mitm etc)
• Setup sshfs/git/cifs for laptop to work off of server

4) Documentation

• Pictures of racks on blog/wiki << in progress
• Documentation of physical gear  (make/model, mac addresses, power/ethernet port mappings, power usage) on the wiki << in progress
• Documentation of services configuration/setup on wiki << not started
• Documentation of everything

5) Ensure all web services on wiki are operational

• Hookup cordless phone base station to knel-prod-ap1 via ATA << in progress
• Hookup Nortel VOIP phone to knel-prod-ap1 via wireless

• Ensure all items have an associated URL for access to the service and to the software homepage
• Setup antispam
• Setup collaboration systems

Now that I’m wrapping up my data ownership project, I find myself taking on a couple larger projects:

1) Working with folks on the Free Network Foundation road map. Been using e-mail / wiki / skype screen sharing for this but want a better tool.

Working with folks on the security aspects of data ownership as it relates to providing a secure infrastructure for financial transactions. This is a really big project and I want to capture all aspects of it for archival purposes. People like that for security related things.

Here is what I have deployed so far:

1) Freeswitch (an open source Voice over IP server). This will let us have secure voice/video communications without using Skype.

2) Jabber (an open source text chat server). This will let us have secure text chats. I am investigating the use of http://jitsi.org/ to provide a single, open source client for Windows/Mac/Linux that will let us have voice/video/text chat using freeswitch/jabber and also share our screens.

3) Etherpad (an open source collaborative text editor). Self explanatory. This eliminates the use of google docs

4) Redmine/Tracks (open source project management tools). I also am reviewing some open source scrum tools like icescrum.org.

5) Git (open source source control system integrated with redmine) This is used for tracking changes to code and documentation.

6) Drupal (open source content management system)

Needed tools:
What are the awesome tools in this space? They must be open source and able to be self hosted. Prefer things in python/ruby/php but can also run Java applications.

1) Shared whiteboarding tool (quick and dirty drawings, temporary todo list capture)
2) Shared diagramming tool (for network and complex project diagrams)
3) Better discussion tool then e-mail. Especially for things like this e-mail, where it really should be a document with revision tracking etc. I’m still in the process of getting etherpad deployed. I have eyeOS deployed which has some document editing tools. Need to see if these tools will provide google docs functionality or if I need to use other tools.

6) High availability (primary at RH VPS, secondary at Debian VPS)

• LinuxHA
• PowerDNS

FreedomTower/FreedomLink work

• Setting up guest wireless access SSID/DHCP subnet/bandwidth limiting etc << not started
• Setting up honeypot wireless SSID/DHCP subnet/bandwidth limiting etc << not started
• Setting up mesh link between two parts of apartment complex << not started
• Setup SPAN port on access and distribution switch for AlienVault use
• Setup channel bonding and STP between access/dist switch

B)  Home network services:

• Install AlienVault << done (deployed as a VM on proxmox machine. Needs lots of configuration, which will be done in section 3)
• Setup DNS server  << done (PowerDNS with PowerAdmin. Authoritative and recursive)

September

1) Shipped a working mesh at the end of my previous engagement. This was a very exciting milestone for me, and closed out a multi year effort of on again/off again work on mesh networks.

2) Shipped several major milestones of my data ownership stack. This was an 18 month effort, that led me on a journey through infrastructure deployment and optimization, storage and server infrastructure assessment/evaluation/burn in, sustainability review. I went from a 2 rack deployment in my garage to running everything at my new $dayjob (large hosting provider) and a backup VPS at systeminplace. This took me from a month over month operations cost of $300 to about $70.00.

3) Relocated to Austin TX to work at one of the worlds largest shared hosting companies. This was quite an adventure and represented a huge improvement in my quality of life. I thoroughly enjoyed the last 8 months of contracting, which allowed me to detox from the horrible corporate environment in Los Angeles and find a perfect opportunity.

4) Finished up some major personal projects in my life, (mentoring someone and preparing them for a successful career in IT, putting my health/wellness as my number one priority, finding a deeply fulfilling place of work.

5) Completed several lingering data ownership tasks. My data ownership wiki page is now up to date with all the aspects that I’ve been working on for a couple of years on and off. From blogging/wiki/photos/accounting/centralized address book/project management functionality, to digital economy and security. It’s been a long journey but it’s finally complete!

6) Founded the FreeNetworkFoundation and found a way to fit my data ownership work into a milestone in the FNF roadmap/operations plan.

Been a very productive and enriching first half of the year!

So what’s ahead for the rest of 2011? 

1) Finish setup of physical infrastructure for home (development and very minimal production services) network, home security and  home entertainment services.

Status: 100% completed. New consolidated production system is ready for shipment to co-location center. All other gear is on standby for further configuration/deployment to other co-location centers. 

This set of tasks encompasses the physical setup of all hardware/services for home use. It includes tasks such as networked power distribution unit installation, network cabling, console hookup, optimizing gear layout across two racks , cable organization etc.

I’m moving production related services to a co location box. Moving off my $dayjob VPS to a dedicated server for about the same monthly price.

I’ll be running the first FreedomTower off my home network.

Detailed break down:

• Pull everything off of production rack and re rack gear (necessary to clear space for build out of consolidated server) << done
• Consolidate drives/ram/peripherals to FreedomLink system (server consolidation. good stuff) << done
• Optimize gear distribution/layout on production rack << done
• Optimize air flow on all gear << done

Re-rack all gear:

2 post rack (FreedomTower rack):

• Install PDU for later use << done
• Connect all network gear to Cisco terminal server << done
• Make cables beautiful << done
• Label all gear << done

AV rack (production rack):

• Install PDU for later use << done
• Install, power up, configure 3650 distribution layer switch and 2950 access layer switch << done (overkill for a home network? perhaps. however I do plan to run a small production wireless ISP and so need a bit of infrastructure to support that.)
• Connect all network gear to console << done
• Connect all gear to network << done
• Set up gear for mesh link between two parts of apartment complex (installing gear on both ends of link,  running power/networking cabling) << done
• Setup security cameras << done
• Make cables beautiful << done

2) Base configuration of network gear, home network services, research/development/production servers.

Status: 100% completed

This set of tasks encompasses all of the basic network/server/support infrastructure configuration tasks for my development/research and home services network to be usable.

At this time, all of my gear is on the network (via wired or wireless connection) and reachable for management purposes. I have a dedicated management network (10.10.6.0/24) for all gear. Now that all the physical gear is setup, it needs to have foundational setup completed.  On the server side, this means running a virtual machine farm, on the network side this means multiple VLANs for all my future projects.

Detailed break down:

A) Physical infrastructure related tasks:

• Optimize power usage of all systems << done (via cpufreq on Linux. Hardware I’m running pfSense on has some stability issues with powerd)
• Setup ZoneMinder for home security << done (camera hooked up, video capture card working, feed into zoneminder working.).

• Setup ipv6 on pfsense << done
• Setup all virtual lans in pfsense (interface define/assign/label, subnet) << done (research operations will be done on home network. As such I need decent amount of infrastructure (software/server side) to support those projects.

• Migrate personal e-mail archive collection into online memex (i have a few hundred e-mails to take public). I need to up on the net so others can benefit from them. They are already nicely categorized. This collection will feed into the FNF roadmap. It represents several years of collected knowledge about large scale network operations.
• Write blog post on fitness “Culture Shock: from free soda to free gym, how I have built the life I want”. This will cover past status, present status and future plan. Might have to start a fitness blog or something. At least a web page to track progress. << health is my top priority in 2011. It’s why I contracted for several months and waited for the right opportunity to come along which let me live a healthy and balanced life. I want to share what I did and how I did it so others can benefit. Post started and well underway
• Setup security research/testing lab

Production Network:

1) pfSense on a Dell Optiplex x86 (connected to my TimeWarnerCable connection).

2) Cisco 3548 switch. This is the switch that everything else ties into it. My network core switch. It also provides POE for when I’m messing with various POE devices.

3) 1 Villagetelco mesh potato providing WPA2 wifi to the entire apartment.

The above setup is rock solid. It also lets me support a lab network on same set of gear. I can do multi vlan/multi ssid/multi gateways. All without affecting my production network (that’s key!)

Development network consists of:

• Cisco 2600 router

• Cisco 2500 router (console server for everything else in lab)

• 2 Cisco 2950 switch and 1 Cisco 2924 switch (3 switches covers just about every cisco cert topology)

• Cisco 3640 router

• Cisco AS5200 (not much use and might get donated)

• Cisco 6509 (my pride and joy)

• Dell optiplex desktop for lxc (all sorts of hacking here)

• Dell optiplex desktop for freedombox dev (freedombox0. will run genode and linux guests etc.)

• PS3 (parallel development)

This gear is being used at the Free Network Foundation development and test lab.

So I got back from Los Angeles yesterday and needed to go shopping. Went to the local walmart and got food for the entire month.

What did I get?

Main dish:

• 8 boxes of 6 rib eye steaks for 9.95 each (main dish for most meals of the month)
• 13 sausages (main dish when I get tired of steak)
• Chicken / beef fajitas strips (main dish when I get tired of steak)
• 4 corn on the cob (1 for each weekend)

Garnish elements:

• Rice
• Salmon (cut into little pieces)
• 5 lbs chicken (cut into little pieces)
• Shredded lettuce
• Mushrooms
• Potatoes
• Onion
• Tomatoes

This gives me breakfast/lunch/dinner for an entire month. Steak is the main meal. I garnish the steak with a pre cooked mix of potatoes/onion/salmon/chicken/lettuce/tomato (refrigerated and stored in Tupperware). It’s quite tasty. Make that mix about twice a month or so.

Pretty cheap and very healthy.

Seriously though, this is a very quick and dirty release. I make no guarantees. It should work but it might not.

My Personal Memex ( Tech note:  DOWNLOAD BITS It’s a docroot and sql dump.)

Steps to install:

1. Unpack the downloaded archive. It will uncompress into a new directory (memex_bits_release-1.0).
2. In that directory are two files: memex_docroot.tar.gz memex_dump.sql.gz)
   • So unpack memex_docroot.tar.gz into an apache directory.
   • Edit the sites/default/settings.php mysql connection line.
3. Load up the memex_dump.sql.gz into an empty MySQL database. Names/credentials should match what’s in the config.php file. You’ll need to uncompress the SQL file first, maybe you can stream it straight into mysql command. Dunno.
4. Login to the site. admin/memexpw is the credentials.

I haven’t tested doing an installation. If you find any bugs let me know. Contribute patches!

So what do you get?

1. Drupal installation with all my customizations to support my personal knowledge collection.
   • Wiki bits ( sourced from http://cwgordon.com/how-to-create-a-wiki-with-drupal)
   • Mindmap bits (sourced from http://www.pronovix.com/solution/drupal-mindmap-graphmind)
   • A start at supporting a document management system (abandoned http://cafuego.net/2009/07/11/simple-drupal-document-management-system and went with OpenDocMan)
   • Visualization bits (sourced from https://drupal.org/project/gvs )
   • Mobile bits (don’t remember what I did here. Searched around a bit and installed things that looked useful for mobile. Site looks awesome on my Android.)

Hopefully this is useful to folks.

In the meantime I have settled on a compromise: reduce the number of logins I have that aren’t under my complete control.

I have a number of logins still (across all my various LAMP applications), but I control them all.

Here are the logins I still don’t control:

1. Google (I only use google groups). I maybe able to use OpenID here not sure.
2. Hosting control panel/billing system and dynamic DNS provider (could do dyndns myself on my VPS if I wanted to)

1. Skype (still looking for a replacement for Skype. Have hopes for GNU free call.) Or just move to Jabber.
2. Yahoo/AIM/IRC (all bridged to my Jabber server on my VPS). Once enough people move to Jabber (Gtalk is acceptable here) I can just federate with them. There is an OpenFire plugin to federate with skype. Have yet to get it working.

1. Chase.com/Citi.com/AA.Com/Amex
2. Netflix/Hulu
3. Power and electric company
4. Online property management portal at my apartment complex (I could choose not to use this, but it’s really convenient)

Not too bad. Pretty much the bare minimum (things related to finance/utilities). These folks usually have pretty good security, but not always.

Where are other folks in their data  ownership journeys? Tell me in a comment.

Enjoy.

Phase 1: FreedomBox

Phase 2: Network architecture for the freedombox to communicate over

1) Download the tahoe dist zip

2) Install deps first round. (sudo apt-get install build-essential libpython2.7-dev )

3) As root python setup.py build   && python setup.py install

4)  Install deps second round: ( sudo apt-get install python-pycryptopp  python-mock python-asn1 python-nevow python-foolscap )

I run pfsense 1.2.3 as my routing platform. Have a mix of Windows/Linux workstations and servers. I simply followed the howto at http://www.xaero.org/index.php/archive/tag/tunnelbroker/ and http://tuts4tech.net/2010/07/18/ipv6-tunnel-on-pfsense/ for the setup.

I’m now fully operational from a connectivity perspective.  I checked at http://test-ipv6.com/ and http://www.delong.com/cgi-bin/areyouv6.cgi

Next step is to enable v6 delivery of my www/smtp/xmpp/sip services. more on that as it happens.