This is why I'm currently trying to figure out how to set up an intranet via something like OpenVPN. Basically a walled garden that keeps the corpos out. My version of it will also be locked to a max of 1.5mbit/s to help with bandwidth costs.
I've looked at private 5G for this a couple times using something like Openstack Magma. Get me and a few friends and family and I'd have decent coverage I think.
Holy shit never expected to see this comment on Lemmy. I worked on Magma in the early days of it.
I'll bookmark this. After failing to build a meshnet, I'd love to fail to build a cell network :)
Couldn't you leverage I2P or Tor?
I made a comment here about why I'm wanting it to be a walled garden. I'm not sure if I2P or Tor would be able to achieve the same results. I don't know enough about them to be sure, and I know Tor at least has proxy services that allow non-Tor browsers to connect to Tor sites, which is something I'm wanting to avoid for security reasons.
What are you gonna use it for?
It'd mainly be for older PCs (WinXP and earlier along with the Mac and maybe Linux equivalents). The idea is to set up a Raspberry Pi as a middleman so that "retro PCs" can securely connect to a network without having to worry about the numerous security holes that now exist. The Raspberry Pi would block anything that isn't coming through the VPN. Additionally, I'm wanting to set it up so that people who don't have the space or money for a "retro PC" can connect via virtual machine running older operating systems.
The reason why I'm wanting to exclude newer operating systems from connecting directly (though if I feel they're secure enough then I might allow newer ones as well) is partially because older PCs and web browsers would likely struggle with displaying modern web 2.0 sites. If newer PCs are allowed to join the network with modern browsers, then you run the risk of compromising the idea of having a network that attempts to operate off web 1.0/early web 2.0 design.
Another factor is that while newer PCs might be immune to most, if not all, of the security holes associated with older OSes, a clever hacker might be able to use a newer PC as a carrier (similar to how a person with a viral immunity to a virus can still spread it). Alternatively, a user who thinks they "know what they're doing" could potentially end up creating a bridge between the intranet and the wider internet. I doubt the network would ever get large enough for that to be a real risk, but I want to try to be proactive about it since the majority of the systems connecting would already be heavily compromised due to age and lack of security updates.
One thing I'm struggling with is figuring out how to ensure connecting clients are running on certain OSes or hardware using "off the shelf parts", if that's even possible to begin with. I might be able to use a web landing page that exploits security holes to check the OS/hardware and probe for connections to the external web. However, I'm not super familiar with hacking or programming systems like this, which is why I'm having to resort to using "off the shelf parts" so to speak.
Regardless, I've been trying to put together a list of software, hardware and cloud services (I'm planning to host a node or two via a service like AWS if it looks like it'd be possible to do without opening it to the external web) that I'd need to make it happen.
Edit: an additional detail is that I'm hoping that the age of the hardware/software will mean that I can use cheap and outdated hardware to run the system. The idea behind the bandwidth cap is 50% cost, 50% trying to reinforce the idea that you're not supposed to be making super modern, flashy sites. Additionally, the bandwidth cap would only apply from the node to the user, while webservers, game servers, etc would have a higher cap (maybe eventually uncapped) between nodes to avoid congestion. Basically:
User <-1.5mbit/s-> node <- ???mbit/s -> server
Or
Server <- ???mbit/s -> node <- ???mbit/s -> server
Or
user <- 1.5mbit/s -> node <- 1.5mbit/s -> user
Why 1.5mbit/s? That's the speed of a T-1 line (it was originally going to be dial-up for that sweet, sweet BEEEEEEEDONKIDONK KSHHHHHHHHHHHHHHH until I realized how much of a headache dealing with analog-digital-analog would be)
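An added illustration, not part of the thread and not written by any commenter: one way the Raspberry Pi gateway described in the comment above could drop everything that is not going through the VPN and hold the user-facing link to 1.5 Mbit/s, using nftables and tc. The interface names, the VPN endpoint address (a documentation-range placeholder) and UDP port 1194 are assumptions.

```shell
#!/bin/sh
# Added example. Interface names, server address and port are assumptions.

valid_if() {   # Linux interface names: safe characters only, at most 15 long
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Print a default-deny nftables ruleset for the gateway.
# usage: gateway_rules LAN_IF VPN_IF WAN_IF VPN_SERVER_IPV4 VPN_UDP_PORT
gateway_rules() {
    lan=$1 vpn=$2 wan=$3 server=$4 port=$5
    for i in "$lan" "$vpn" "$wan"; do
        valid_if "$i" || { echo "bad interface name: $i" >&2; return 1; }
    done
    # Refuse anything that could smuggle extra statements into the ruleset.
    case "$server" in ''|*[!0-9.]*) echo "bad server" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    cat <<EOF
table inet retro_gw {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    iifname "$lan" udp dport { 53, 67 } accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$lan" oifname "$vpn" accept
  }
  chain output {
    type filter hook output priority 0; policy drop;
    oifname { "lo", "$lan", "$vpn" } accept
    oifname "$wan" ip daddr $server udp dport $port accept
  }
}
EOF
}

# Token-bucket shaper for the link facing the user (1.5 Mbit/s, as in the thread).
shaper_cmd() {
    valid_if "$1" || return 1
    echo "tc qdisc replace dev $1 root tbf rate 1500kbit burst 16kb latency 400ms"
}

# Print only; review, then pipe the ruleset to "nft -f -" and run the tc line as root.
gateway_rules eth0 tun0 wlan0 203.0.113.10 1194
shaper_cmd eth0
```

The forward chain only lets LAN traffic leave through the tunnel, so a dropped VPN session leaves the retro PC with no route out rather than falling back to the uplink. The input rule for ports 53 and 67 assumes the Pi itself serves DNS and DHCP to the LAN side.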
That's quite an ambitious project. I hope you're able to get it all done!
Thank you! I've got a bunch of things I've been struggling with lately, so who knows if or when I'll actually get it running, but I've been trying to move in that direction.
Do you have a github repo, mailing list, rss feed, or some other way to track this project? It sounds interesting...
Not at the moment. Tbh I'm struggling with a lot in my life right now so who knows if it ever actually gets off the ground, but I'm trying to move in that direction.
Let us know if you ever deploy it!
I replied to someone else with more details if you're interested. I will definitely try to remember to let y'all know.