MC's Journal

Collaborative working and writing

Updated 2018-08-07 23:22 with some edits and to include links to NEXUS FAQs and mention FIXION.

The Internets this morning are talking about the SCP foundation, a collaborative writing project. It made me think about an idea spreading around in the early 1990s about writing stories in a science fiction setting about yourself and your friends as you wanted the future to turn out. Then you were supposed to act in a way to make the stories come true.

In my mind this idea is connected to the NEXUS-Gaia crowd. NEXUS was a meme possibly best explained in Dwayne “ddraig” Jones-Evans' wonderful NEXUS manifesto. The NEXUS movement was about combining housing collectives and worker cooperatives to share an Internet connection. Internet could then be used as a means for forming a federation of nexi for commerce and coordination. NEXUS-Gaia was the main mailing list of the movement, all the nexi of Gaia.

My own living in the T1 collective 1996–1997, known for its early cheapernet Internet connection, and the Area 41 collective (1998–2002 — four adults, two kids, 18 computers and redundant Internet connections!) might be said to have been a small part of it. I'm sure many others tried to live the dream.

Here's my flatmate Magnus and me in front of X terminals in T1's office space, probably in 1997:

Magnus and MC in front of X terminals

We had a 19.2 kbit/s leased line when most homes in Sweden had dial-up at best.

In some of these stories I read/wrote back then we re-interpreted the Gaia of NEXUS-Gaia as the Global Association of Internet Anarchists, a rather suitable name for an association of free nexi.

Both the NEXUS meme of collaborative spaces and the idea of collaborative writing and trying to make it come true may have originated, or were at least much discussed, on the Future Culture mailing list in the early 90s.

I'm still subscribed to FUTUREC, but I can't seem to find much about this in the current archives. They only go back to 1996 and the mailing list itself was started (on another host) in ~1992. Some things are mentioned on Marius Watz' old FUTUREC pages, but not much. Still, have a look at Marius' pages for some really good vibes from FUTUREC of old!

After publishing the first version of this blog post Carl Winbäck reached out over IRC and pointed me to Heath Rezabek's old FAQs about the NEXUS movement:

Something to note about the FAQs is how much text is about trying to get a decent Internet connection to your home. It was difficult and much of the point of a local NEXUS was sharing the cost of Internet, a total non-issue for most of us today.

In FAQ 1 rez writes:

[The NEXUS meme] found its way into a body of collaborative prose, based on a fusion of fact and vision, called FIXION.

Ah-ha! FIXION might have been what I was thinking about. I'm not sure. What it would be like living in a NEXUS was probably vividly imagined in FIXION. I'm sure it was on FutureCulture. Probably on LERI-L, too, and perhaps on the IRC counterparts #leri and #future as well.

The FIXION archives were here at one time:

but the Wayback Machine has nothing from them.

FIXION grew into scrytching which Carl pointed me to. I don't think I ever heard about that before, although rez might have mentioned it on FUTUREC.

It's funny that writing about yourself in the future is just what Alan Moore, one of my favourite magicians, talked about in a clip I happened to watch last night, Alan Moore on Language, Writing and Magic, but that's just the usual synchronicity at work, I guess.

Network Time Security

Update: Code available on Github.

The Network Time Protocol (NTP) was born on an interesting PDP-11 operating system called Fuzzball. Fuzzballs were used as routers in the National Science Foundation part of the early Internet. They were remarkably picky about time synchronization.

NTP has been with us ever since and most of the Internet (and more) relies on the venerable NTP to synchronize clocks. It's probably one of the oldest protocols still in use.

$DAYJOB keeps a hardware (Verilog) implementation of NTP with attached atomic clocks running in several locations in Sweden. Yes, you speak NTP directly to the FPGA chip! No software involved! The service is available to the public worldwide on, which resolves to anycast v4 and v6 addresses.

This is, for most purposes, the Swedish time. More about this on Netnod's project pages.

But can you trust it? How do you know that the packets come from the right sender? UDP spoofing is simple and NTP runs on top of UDP. Most(?) NTP clients use a random TransmitTime in their requests to mitigate this, but it's still sensitive to a man-in-the-middle attack.
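The random TransmitTime check as a client would apply it, as an added example that is not code from the hackathon project. It assumes the standard 48-byte (S)NTP header layout; `NewRequest`, `ServerReply` and `CheckReply` are hypothetical names, and `ServerReply` is a constructed stand-in for a real server.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewRequest builds a 48-byte SNTP client request (LI=0, VN=4, Mode=3) whose
// Transmit Timestamp (bytes 40..47) is 64 random bits instead of the clock.
func NewRequest() (pkt [48]byte, err error) {
	pkt[0] = 0x23
	_, err = rand.Read(pkt[40:])
	return pkt, err
}

// ServerReply is a constructed stand-in for a server: mode 4, with the
// request's Transmit Timestamp copied into the Origin Timestamp (bytes 24..31).
func ServerReply(req [48]byte) (rep [48]byte) {
	rep[0] = 0x24
	copy(rep[24:32], req[40:48])
	return rep
}

// CheckReply rejects replies that do not echo our random value. It covers
// off-path spoofing only: whoever can read the request can echo it too.
func CheckReply(req [48]byte, rep []byte) error {
	switch {
	case len(rep) < 48:
		return errors.New("short packet")
	case rep[0]&0x07 != 4:
		return errors.New("not a server-mode packet")
	case !bytes.Equal(rep[24:32], req[40:48]):
		return errors.New("origin timestamp does not match request")
	}
	return nil
}

func main() {
	req, _ := NewRequest()
	rep := ServerReply(req)
	fmt.Println(CheckReply(req, rep[:]))
}
```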

NTPv3 introduced support for symmetric authentication on time data using pre-shared keys. It's unchanged in the current v4 of the protocol. It looks remarkably old-fashioned to modern eyes. It's similar to TSIG in DNS, which is also dated, but a bit more useful than the NTP authentication. I think NTP authentication as it currently stands is very seldom used.

Network Time Security (NTS) is an attempt in the IETF NTP working group to change the NTP authentication to something slightly more useful.

During the IETF 102 hackathon (14–15 July) I teamed up with my friends Daniel “quite” Lublin, omni and raccoon to make an attempt at implementing the Dansarie NTS spec $DAYJOB has contributed to.

None of us has had much to do with the NTP project before, so we knew next to nothing when we started.

We couldn't attend the IETF meeting in Montreal physically, so we spent two days in Netnod's Malmö office instead. Well, evenings and nights, really, in some effort to match the time zone in Montreal and, of course, because it's a well-known fact that you hack best at night, occasionally boosted by Club-Mate.

We coordinated work mostly on ##nts on FreeNode and the occasional MeetEcho video conference provided by the IETF, to be able to see the kickoff and the presentations at the end of the hackathon.

We started with Brett Vickers' Go NTP package which is a pure-Go SNTP implementation. SNTP is a simpler version of the NTP protocol but wire-compatible with its big brother, so we thought it would probably work for our purposes.

However, Brett's package only supports client-side SNTP, so we cut and pasted from internal structures to quickly whip together a very basic SNTP server.

NTS-KE, the key exchange part of NTS, is based on TLS. Go's own TLS implementation doesn't support TLS 1.3 and has no RFC 5705 key extraction. Instead, we found the mint TLS 1.3 library and used that to create basic TLS clients and servers. Unfortunately, mint only supports draft-22 of TLS 1.3, but we found a pull request supposedly bringing it up to draft-28.

It worked fine against Mozilla's TLS 1.3-only (HTTPS) test server,

but not against Martin Langer's OpenSSL-based NTS test server. We got TLS handshake errors. We gave up trying to make it work. It will probably work fine in the end when mint has been brought up to date.

On top of our TLS client and server we used mint's RFC 5705 support to extract keys, then negotiated the “ntske/1” ALPN application protocol on top of TLS. Inside all of that we implemented NTS-KE proper, which turned out to be a really simple protocol.
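To show how simple the NTS-KE framing is, here is an added parser sketch (not the hackathon code). It assumes the record layout later published in RFC 8915: a 16-bit field holding the critical bit and a 15-bit record type, a 16-bit body length, then the body. `Record`, `Parse`, `known` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is one NTS-KE record: critical bit, 15-bit type, body.
type Record struct {
	Critical bool
	Type     uint16
	Body     []byte
}

// known lists the record types this sketch understands (RFC 8915 numbering).
var known = map[uint16]string{0: "End of Message", 1: "Next Protocol", 2: "Error",
	3: "Warning", 4: "AEAD Algorithm", 5: "New Cookie", 6: "Server", 7: "Port"}

// Parse walks the 4-byte headers (C bit + type, body length; big-endian).
// It rejects truncation, unknown critical records, and anything but a
// single End of Message as the final record.
func Parse(msg []byte) ([]Record, error) {
	var recs []Record
	for len(msg) >= 4 {
		t := binary.BigEndian.Uint16(msg)
		n := int(binary.BigEndian.Uint16(msg[2:]))
		if len(msg) < 4+n {
			return nil, errors.New("truncated record")
		}
		r := Record{t&0x8000 != 0, t & 0x7fff, msg[4 : 4+n]}
		if _, ok := known[r.Type]; !ok && r.Critical {
			return nil, fmt.Errorf("unknown critical record type %d", r.Type)
		}
		recs, msg = append(recs, r), msg[4+n:]
		if r.Type == 0 {
			break
		}
	}
	if len(msg) != 0 || len(recs) == 0 || recs[len(recs)-1].Type != 0 {
		return nil, errors.New("message must end with End of Message")
	}
	return recs, nil
}

// Constructed sample: Next Protocol=NTPv4 (critical), AEAD=15, End of Message.
var sampleRequest = []byte{0x80, 1, 0, 2, 0, 0, 0, 4, 0, 2, 0, 15, 0x80, 0, 0, 0}

func main() { fmt.Println(Parse(sampleRequest)) }
```

Unknown records without the critical bit are kept and can be ignored by the caller; only unknown critical ones abort the exchange.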

The thing we had the most problem with was the cookies. We had a few false starts. It finally dawned on us after reading about the very similar TLS session tickets in RFC 5077.
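An added sketch (not the hackathon code) of the stateless-cookie idea borrowed from RFC 5077 session tickets: the server seals the client's keys under a master key named by a key ID and keeps no per-client state. It assumes a 4-byte key ID and uses AES-256-GCM from Go's standard library as a stand-in AEAD; `Keyring`, `Seal` and `Open` are hypothetical names and the demo key is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Keyring maps key ID -> 32-byte server master key. Deleting an ID retires it.
type Keyring map[uint32][]byte

func (kr Keyring) aead(id uint32) (cipher.AEAD, error) {
	b, err := aes.NewCipher(kr[id]) // unknown ID -> nil key -> error
	if err != nil {
		return nil, fmt.Errorf("key ID %d: %w", id, err)
	}
	return cipher.NewGCM(b)
}

// Seal returns id || nonce || AEAD(keys), binding id as associated data.
func (kr Keyring) Seal(id uint32, keys []byte) ([]byte, error) {
	a, err := kr.aead(id)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 4+a.NonceSize())
	binary.BigEndian.PutUint32(out, id)
	if _, err := rand.Read(out[4:]); err != nil {
		return nil, err
	}
	return a.Seal(out, out[4:], keys, out[:4]), nil
}

// Open authenticates a cookie echoed by a client and returns the keys in it.
func (kr Keyring) Open(ck []byte) ([]byte, error) {
	if len(ck) < 4+12+16 {
		return nil, fmt.Errorf("cookie too short: %d bytes", len(ck))
	}
	a, err := kr.aead(binary.BigEndian.Uint32(ck))
	if err != nil {
		return nil, err
	}
	return a.Open(nil, ck[4:16], ck[16:], ck[:4]) // fails if any byte changed
}

func main() { fmt.Println(Keyring{1: make([]byte, 32)}.Seal(1, []byte("demo keys"))) }
```

Because each cookie carries a fresh nonce, two cookies for the same keys differ, and removing a key ID from the ring invalidates every cookie sealed under it.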

What we accomplished:

Still left to do:

We worked on FreeBSD and Linux machines. The code is very portable and cross-compiled cleanly to Windows, but we haven't yet tested anything on Windows.

I haven't touched this since the hackathon. The code is still in a private repo. It will probably end up on Github.

Incompatible Timesharing System

A KL10

(Photo by Michael L. Umbricht, CC BY-SA.)

ITS, the Incompatible Timesharing System, is seen in hackerdom as one of the most hacker-friendly operating systems for the wonderful PDP-10 series of computers (pictured above). It has its own chapter in Steven Levy's remarkable book Hackers: Heroes of the Computer Revolution, a book whose first third I often re-read when news about modern computing brings me down.

ITS was first described in AI memo 161/A from 1968/69 by Donald E. Eastlake 3rd, incidentally the same DEE3 we can blame for DNSSEC. A friendly MIT librarian scanned 161A for me when I asked about it in the mid-1990s. Dave Carter later made it available as plain text, a copy of which I keep here:

I once based a lecture on AI memo 161A. I lectured to unsuspecting first-year Informatics students at Linköping University, invited to do so by their senior students. I think at most a few understood what I was talking about, but it was very well received as a fake lecture. Fake lectures are traditionally held during the first weeks, typically with an equally fake student asking advanced questions in the audience. Another year I introduced the INTERCAL programming language, mostly with a straight face.

Another great text about ITS is Alan Bawden's paper on how the ITS operating system made system calls restartable: PCLSRing: Keeping Process State Modular.

ITS has been available for some time to run on emulators. Björn Victor has it running on a KLH-10 emulator on a Raspberry Pi. He has written a web server in MacLisp for it so it can serve its own web pages at:

Björn also keeps TOPS-20 running on KLH-10 on a similar raspi, a clone of the real TOPS-20 system AIDA in Uppsala: TINA Is not AIDA:

Funny quote from Björn that might also cover the ITS machine:

The emulated system cost about 1/20000 of the original, weighs about 1/60000, using 1/6000 of the power, and still runs about 3 times faster than the original system.

Here's me hugging the real AIDA a few years ago during a visit to a museum:

See my blog post Visiting Aida.

Paul “pul-s” Svensson has also written a web server for ITS, but in the MIDAS assembler:

MIDAS source for the web server.

You can connect to both these machines with SUPDUP for the complete experience. You can run the original TECO Emacs, for instance. ITS feels rather modern, considering its age.

Björn keeps an ITS wiki:

Lars Brinkhoff and friends are trying to make it easy to build ITS from scratch:

They are also trying to get the Knight TV consoles, the bitmap graphics terminals used at the MIT AI lab, working in emulation.

Very little is known about the Knight TV system but it seems they are digging up an awful lot of information. The TV consoles had PDP-11s as frontends to the PDP-10 backend. They were bitmapped but had no window system.

Knight console

(Photo by Noel Chiappa.)

One of the interesting things with the Knight consoles was the keyboard, here connected to a modern Novena laptop:

Knight keyboard

(Photo by Mike McMahon. CC BY.)

The Knight keyboard was the main inspiration for the later Space Cadet keyboard on the Lisp Machines, which is probably one of the reasons we have Meta and Super keys in X11.

Incidentally, if someone has a Knight or Space Cadet keyboard (or a Novena, for that matter!), my birthday is coming up soon...

Lars extracted the default Knight TV font and made it available both as an X11 BDF font and a VT220 soft font:

He made the screenshot using cool-retro-term, not an actual, nor emulated, Knight console.

I'm sure Lars and friends will welcome any help even though I warn you that this is a real time sink that I have been down before.

#3, Mars and the blood moon

Last Friday night, about 21:30 local time. Me and #3 were walking through the city. We climbed the stairs to the roof of a car park, 12 storeys high.

We found about 70–80 other people already on the roof. Some were having a picnic on an empty parking lot. One guy had climbed onto some higher structure on top of the roof. He sat there cross-legged, quietly smoking, looking to the south-east while the sun came down.

The surveillance cameras must have seen us all but no guards came.

At 21:15 the moon should have been over the horizon but we had to wait a while longer since there were some tall buildings to the south-east. Then it slowly rose above them, the blood moon! We hung around for a while longer, #3 jumping up and down in excitement, and then we saw Mars as well. Really, really clear, slightly orange and beaming towards us.

I think I only had pointed out Jupiter and Venus to her before. She was really excited to be able to see Mars.


Update 2018-07-25: Copperhead seems to be going through a lot of drama lately. There is a rift between the CEO and the lead developer, made even more complex since they both seem to own 50% each of the company. The old signing key for updates has been deleted! This has left me stranded, unsure if I want to re-install CopperheadOS, the only way to get new updates, or if I want to do something completely different. Lineage, perhaps? A friend has even chosen to go without a phone.

In December 2016, about the same time I ditched Apple in favour of good old FreeBSD on my laptop, I gave my mother my old iPhone as a Newtonmas present. To replace it I bought myself a Nexus 5x and immediately installed CopperheadOS on it. It has served me well since then.

Installation of CopperheadOS was a breeze. Tools such as fastboot and adb were readily available as FreeBSD packages that were easily installed on my Thinkpad without having to install a humongous Android Studio or a huge Android SDK or anything.

Copperhead keeps a fork of Signal called Noise in their F-Droid repo. At the start, this was necessary since the Android flavour of Signal used Google Cloud Messaging to push messages. The Noise fork instead keeps a websocket open all the time. Bad for the battery, perhaps, but keeps you free from the Google services.

The upstream Signal has since been patched to do the same thing, but you'll have to install it from the APK since it's not available on the F-Droid repo.

The Conversations XMPP client also keeps a connection alive all the time, but my battery time has been quite acceptable.

The F-Droid package repo is excellent. The FLOSS scene on Android is so much better than on iOS, where almost all free apps are closed source and many have advertisements. Some of the apps I use besides the built-in Copperhead apps are:

I don't do e-mail on my phone. If I did I would probably use the K9 e-mail client.

My work phone is still an iPhone and thoroughly connected to both the Apple and Google universes, but it's nice to think that at least my personal phone is free from them.
