Updated 2018-08-07 23:22 with some edits and to include links to NEXUS
FAQs and mention FIXION.
The Internets this morning are talking about the SCP
foundation, a collaborative writing
project. It made me think about an idea spreading around in the early
1990s about writing stories in a science fiction setting about
yourself and your friends as you wanted the future to turn out. Then
you were supposed to act in a way to make the stories come true.
In my mind this idea is connected to the NEXUS-Gaia crowd. NEXUS was a
meme possibly best explained in Dwayne “ddraig” Jones-Evans' wonderful
The NEXUS movement was about combining housing collectives and worker
cooperatives to share an Internet connection. Internet could then be
used as a means for forming a federation of nexi for commerce and
coordination. NEXUS-Gaia was the main mailing list of the movement,
all the nexi of Gaia.
My own living in the T1 collective 1996–1997, known for its early
cheapernet Internet connection, and the Area 41 collective (1998–2002
— four adults, two kids, 18 computers and redundant Internet
connections!) might be said to have been a small part of it. I'm sure
many others tried to live the dream.
Here's my flatmate Magnus and me in front of X terminals in T1's
office space, probably in 1997:
We had a 19.2 kbit/s leased line when most homes in Sweden had dial-up
In some of these stories I read/wrote back then we re-interpreted the
Gaia of NEXUS-Gaia as the Global Association of Internet Anarchists, a
rather suitable name for an association of free nexi.
Both the NEXUS meme of collaborative spaces and the idea of
collaborative writing and trying to make it come true may have
originated, or were at least much discussed, on the Future Culture
mailing list in the early 90s.
I'm still subscribed to FUTUREC, but I can't seem to find much about
this in the current archives. They only go back to 1996 and the
mailing list itself was started (on another host) in ~1992. Some
things are mentioned on Marius Watz' old
not much. Still, have a look at Marius' pages for some really good
vibes from FUTUREC of old!
After publishing the first version of this blog post Carl Winbäck
reached out over IRC and pointed me to Heath
Rezabek's old FAQs about the NEXUS
Something to note about the FAQs is how much text is about trying to
get a decent Internet connection to your home. It was difficult and
much of the point of a local NEXUS was sharing the cost of Internet, a
total non-issue for most of us today.
[The NEXUS meme] found its way into a body of collaborative prose,
based on a fusion of fact and vision, called FIXION.
Ah-ha! FIXION might have been what I was thinking about. I'm not sure.
What it would be like living in a NEXUS was probably vividly imagined
in FIXION. I'm sure it was on FutureCulture. Probably on LERI-L, too,
and perhaps on the IRC counterparts #leri and #future as well.
FIXION grew into scrytching
which Carl pointed me to. I don't think I ever heard about that
before, although rez might have mentioned it on FUTUREC.
It's funny that writing about yourself in the future is just what Alan
Moore, one of my favourite magicians, talked about in a clip I
happened to watch last night, Alan Moore on Language, Writing and
Magic, but that's just
the usual synchronicity at work, I guess.
The Network Time Protocol (NTP) was born on an interesting PDP-11
operating system called
Fuzzballs were used as routers in the National Science Foundation part
of the early Internet. They were remarkably picky about time
NTP has been with us ever since and most of the Internet (and more) relies
on the venerable NTP to synchronize clocks. It's probably one of the
oldest protocols still in use.
$DAYJOB keeps a hardware (Verilog) implementation of NTP with attached
atomic clocks running in several locations in Sweden. Yes, you speak
NTP directly to the FPGA chip! No software involved! The service is
available to the public worldwide on ntp.se, which resolves to
anycast v4 and v6 addresses.
But can you trust it? How do you know that the packets come from the
right sender? UDP spoofing is simple and NTP runs on top of UDP.
Most(?) NTP clients use a random TransmitTime in their requests to
mitigate this, but it's still sensitive to a man-in-the-middle attack.
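The check a client makes with that random TransmitTime, as an added example (not code from the original post): the reply must echo the request's Transmit Timestamp in its Origin Timestamp field. The function names are hypothetical; the offsets are those of the standard 48-byte NTP header.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

const pktLen = 48 // NTP header without extension fields

// NewRequest builds a client-mode NTPv4 request whose Transmit Timestamp
// (bytes 40..47) is random instead of the real clock value.
func NewRequest() ([]byte, error) {
	req := make([]byte, pktLen)
	req[0] = 4<<3 | 3 // LI=0, VN=4, Mode=3 (client)
	_, err := rand.Read(req[40:48])
	return req, err
}

// CheckReply accepts a reply only if it is a server-mode packet that echoes
// the request's Transmit Timestamp in its Origin Timestamp (bytes 24..31).
func CheckReply(req, reply []byte) error {
	if len(req) < pktLen || len(reply) < pktLen {
		return errors.New("short packet")
	}
	if reply[0]&0x07 != 4 {
		return errors.New("not a server-mode reply")
	}
	if !bytes.Equal(reply[24:32], req[40:48]) {
		return errors.New("origin timestamp does not match this request")
	}
	return nil
}

// ServerReply builds a constructed server-mode packet with the given origin.
func ServerReply(origin []byte) []byte {
	r := make([]byte, pktLen)
	r[0] = 4<<3 | 4 // VN=4, Mode=4 (server)
	copy(r[24:32], origin)
	return r
}

func main() {
	req, _ := NewRequest()
	fmt.Println("blind reply:  ", CheckReply(req, ServerReply(make([]byte, 8))))
	// Anyone who saw the request can echo the value; the check only stops off-path senders.
	fmt.Println("echoing reply:", CheckReply(req, ServerReply(req[40:48])))
}
```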
NTPv3 introduced support for symmetric authentication on time data
using pre-shared keys. It's unchanged in the current v4 of the
protocol. It looks remarkably old-fashioned to modern eyes. It's
similar to TSIG in DNS, which is also dated, but a bit more useful
than the NTP authentication. I think NTP authentication as it
currently stands is very seldom used.
Network Time Security (NTS) is an attempt in the IETF NTP working
group to change the NTP
authentication to something slightly more useful.
None of us has had much to do with the NTP project before, so we knew
next to nothing when we started.
We couldn't attend the IETF meeting in Montreal physically, so we
spent two days in Netnod's Malmö office instead. Well, evenings and
nights, really, in some effort to match the time zone in Montreal and,
of course, because it's a well-known fact that you hack best at night,
occasionally boosted by Club-Mate.
We coordinated work mostly on ##nts on FreeNode and the occasional
MeetEcho video conference provided by the IETF, to be able to see the
kickoff and the presentations at the end of the hackathon.
We started with Brett Vickers' Go NTP
package which is a pure-Go SNTP
implementation. SNTP is a simpler version of the NTP protocol but
wire-compatible with its big brother, so we thought it would probably
work for our purposes.
However, Brett's package only supports client-side SNTP, so we cut and
pasted from internal structures to quickly whip together a very basic
NTS-KE, the key exchange part of NTS, is based on TLS. Go's own TLS
implementation doesn't support TLS 1.3 and has no RFC 5705 key extraction.
Instead, we found the mint TLS 1.3
library and used that to create
basic TLS clients and servers. Unfortunately, mint only supports
draft-22 of TLS 1.3, but we found a pull
supposedly bringing it up to draft-28.
It worked fine against Mozilla's TLS 1.3-only (HTTPS) test server,
but not against Martin Langer's OpenSSL-based NTS test server. We got
TLS handshake errors. We gave up trying to make it work. It will
probably work fine in the end when mint has been brought up to date.
On top of our TLS client and server we used mint's RFC 5705 support to
extract keys, then negotiated the “ntske/1” ALPN application protocol
on top of TLS. Inside all of that we implemented NTS-KE proper which
turned out to be a really simple protocol.
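The record framing that makes NTS-KE such a simple protocol, as an added example (not the hackathon code, which stayed in a private repo): every message is a sequence of type-length-value records ending in End of Message. The layout and type numbers follow the final RFC 8915 and may differ from the draft used at the hackathon; Record, Encode and Parse are names made up here.

```go
package main

import (
	"errors"
	"fmt"
)

// Record is one NTS-KE record: critical bit, 15-bit type, 16-bit length, body.
type Record struct {
	Critical bool
	Type     uint16
	Body     []byte
}

// Encode serialises records in network byte order.
func Encode(recs []Record) (out []byte) {
	for _, r := range recs {
		t, n := r.Type&0x7fff, len(r.Body)
		if r.Critical {
			t |= 0x8000
		}
		out = append(out, byte(t>>8), byte(t), byte(n>>8), byte(n))
		out = append(out, r.Body...)
	}
	return out
}

// Parse reads records up to End of Message (type 0) and rejects truncated input.
func Parse(b []byte) (recs []Record, err error) {
	for len(b) >= 4 {
		t, n := uint16(b[0])<<8|uint16(b[1]), int(b[2])<<8|int(b[3])
		if len(b) < 4+n {
			return nil, errors.New("ntske: record body truncated")
		}
		recs = append(recs, Record{t&0x8000 != 0, t & 0x7fff, b[4 : 4+n]})
		if t&0x7fff == 0 {
			return recs, nil
		}
		b = b[4+n:]
	}
	return nil, errors.New("ntske: no End of Message record")
}

func main() {
	// Constructed request: Next Protocol = NTPv4 (0), AEAD = AES-SIV-CMAC-256 (15), End of Message.
	wire := Encode([]Record{{true, 1, []byte{0, 0}}, {false, 4, []byte{0, 15}}, {true, 0, nil}})
	recs, err := Parse(wire)
	fmt.Printf("% x\n%d records, err=%v\n", wire, len(recs), err)
}
```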
The thing we had the most problem with was the cookies. We had a few
false starts. It finally dawned on us after reading about the very
similar TLS session tickets in RFC 5077.
What we accomplished:
NTS-KE client that sends a request and can parse NTS-KE replies.
NTS-KE server with hardcoded replies.
A very basic SNTP client.
A very basic SNTP server.
Communication between the NTS-KE client and the SNTP client to send
initial cookie and key material.
Learned a lot and had a lot of fun!
After the hackathon proper: Saw some very nice C64 demos and drank a
Still left to do:
Implement NTP Extension fields in Brett's NTP package.
Implement NTS using the extension fields.
Management of shared secret between the NTS-KE server and the NTP
server for encryption of cookies.
We worked on FreeBSD and Linux machines. The code is very portable
and cross-compiled cleanly to Windows, although we haven't yet tested
anything on Windows.
I haven't touched this since the hackathon. The code is still in a
private repo. It will probably end up on Github.
ITS, the Incompatible Timesharing System, is seen in hackerdom as one
of the most hacker-friendly operating systems for the wonderful PDP-10
series of computers (pictured above). It has its own chapter in
Stephen Levy's remarkable book Hackers: Heroes of the Computer
Revolution, a book whose first third I often re-read when news about
modern computing brings me down.
ITS was first described in AI memo 161/A from 1968/69 by Donald E.
Eastlake 3rd, incidentally the same DEE3 we can blame for DNSSEC. A
friendly MIT librarian scanned 161A for me when I asked about it in the
mid 1990s. Dave Carter later made it available as plain text, a copy
of which I keep here:
I once based a lecture on AI memo 161A. I lectured to unsuspecting
first-year Informatics students at Linköping University, invited to do
so by their senior students. I think at most a few understood what I
was talking about, but it was very well received as a fake lecture.
Fake lectures are traditionally held during the first weeks, typically
with an equally fake student asking advanced questions in the
audience. Another year I introduced the INTERCAL programming language,
mostly with a straight face.
ITS has been available for some time to run on emulators. Björn Victor
has it running on a KLH-10 emulator
on a Raspberry Pi. He has written a web server in MacLisp for it so it
can serve its own web pages at:
They are also trying to get the Knight TV consoles, the bitmap
graphics terminals used at the MIT AI lab, working in emulation.
Very little is known about the Knight TV system but it seems they are
digging up an awful lot of information. The TV consoles had PDP-11s as
frontends to the PDP-10 backend. They were bitmapped but had no window
(Photo by Noel Chiappa.)
One of the interesting things with the Knight consoles was the
keyboard, here connected to a modern Novena laptop:
Last Friday night, about 21:30 local time. Me and #3 were walking
through the city. We climbed the stairs to the roof of a car park, 12
We found about 70–80 other people already on the roof. Some were
having a picnic on an empty parking lot. One guy had climbed onto some
higher structure on top of the roof. He sat there cross-legged, quietly
smoking, looking to the south-east while the sun came down.
The surveillance cameras must have seen us all but no guards came.
At 21:15 the moon should have been over the horizon but we had to wait
a while longer since there were some tall buildings to the south-east.
Then it slowly rose above them, the blood moon! We hung around for a
while longer, #3 jumping up and down in excitement, and then we saw
Mars as well. Really, really clear, slightly orange and beaming
I think I had only pointed out Jupiter and Venus to her before. She
was really excited to be able to see Mars.
Update 2018-07-25: Copperhead seems to be going through a lot of drama
lately. There is a rift between the CEO and the lead developer, made
even more complex since they both seem to own 50% each of the company.
The old signing key for updates has been deleted! This has left me
stranded, unsure if I want to re-install CopperheadOS, the only way to
get new updates, or if I want to do something completely different.
Lineage, perhaps? A friend has even chosen
to go without a phone.
In December 2016, about the same time I ditched Apple in favour of
good old FreeBSD on my laptop, I gave my mother my old iPhone as a
Newtonmas present. To replace it I bought myself a Nexus 5x and
immediately installed CopperheadOS
on it. It has served me well since then.
Installation of CopperheadOS was a breeze. Tools such as fastboot
and adb were readily available as FreeBSD packages that were easily
installed on my Thinkpad without having to install a humongous Android
Studio or a huge Android SDK or anything.
Copperhead keeps a fork of Signal called Noise in their F-Droid repo.
At the start, this was necessary since the Android flavour of Signal
used Google Cloud Messaging to push messages. The Noise fork instead
keeps a websocket open all the time. Bad for the battery, perhaps, but
keeps you free from the Google services.
The upstream Signal has since been patched to do the same thing, but
you'll have to install it from the
APK since it's not available on the
The Conversations XMPP client also keeps a connection alive all the
time, but my battery time has been quite acceptable.
The F-Droid package repo is excellent. The
FLOSS scene on Android is so much better than on iOS, where almost all
free apps are closed source and many have advertisements. Some of the
apps I use besides the built-in Copperhead apps are:
Conversations - XMPP client. See the Legacy version if you need OTR
support. The new version only allows OMEMO and, strangely enough,