Promote convergence

beaglebone.txt

 iptables -A INPUT -p udp --destination-port 4000 -j DROP
 iptables -A INPUT -p udp --destination-port 119 -j DROP
 iptables -A INPUT -p udp --destination-port 137 -j DROP
+iptables -A INPUT -p udp --destination-port 8432 -j DROP
+iptables -A INPUT -p udp --destination-port 8433 -j DROP
 
 # Make sure NEW incoming tcp connections are SYN packets
 iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
 # Limit Bitmessage connections
 iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
 
+# Limit Convergence notary
+iptables -A INPUT -p tcp --dport 8432:8433 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
+
 # Limit the number of incoming tcp connections
 # Interface 0 incoming syn-flood protection
 iptables -N syn_flood
 To make the list easier to identify, rather than just appearing as a random string, then under the *Your Identities* tab right click on it and select *Set Avatar* and assign a suitable icon.
 
 The disadvantage of this type of mailing list is that it's not possible for any one participant to act as a list moderator, or in other words each participant must do their own moderation.  That's ok if the size of the group is small, but if it's larger then anyone spamming or trolling the list can make things miserable for the others.
+** Add a Convergenge notary
+Convergence is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable and largely untrusted CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.  For more details see [[http://convergence.io][convergence.io]] or [[http://www.youtube.com/watch?v=Z7Wl2FW2TcA][this talk which explains the concepts]].
+
+*** Installation
+
+#+BEGIN_SRC: bash
+apt-get install python python-twisted-web python-twisted-names python-m2crypto python-openssl
+cd /tmp
+wget http://freedombone.uk.to/convergence-notary-current.tar.gz
+#+END_SRC
+
+Verify it:
+
+#+BEGIN_SRC: bash
+sha256sum convergence-notary-current.tar.gz
+6d3f7f30649c174c58ef4d719498d33737ddfa229f3d7fc51af0162b590d719b
+#+END_SRC
+
+Install it:
+
+#+BEGIN_SRC: bash
+tar zxvf convergence-notary-current.tar.gz
+cd convergence-0.4
+python ./setup.py install
+#+END_SRC
+
+Generate a key pair:
+
+#+BEGIN_SRC: bash
+convergence-gencert
+#+END_SRC
+
+When asked for a challenge password just hit *Enter* a couple of times.  Then move the key pair to the appropriate directories as follows.
+
+#+BEGIN_SRC: bash
+mv mynotary.key /etc/ssl/private
+chmod 400 /etc/ssl/private/mynotary.key
+mv mynotary.pem /etc/ssl/certs
+#+END_SRC
+
+Now create the database:
+
+#+BEGIN_SRC: bash
+convergence-createdb
+#+END_SRC
+
+Create an initialisation script:
+
+#+BEGIN_SRC: bash
+convergence-notary -p 8432 -s 8433 -c /etc/ssl/certs/mynotary.pem -k /etc/ssl/private/mynotary.key
+#+END_SRC
+
+An initialisation script will be created automatically within /etc/init.d.
+
+Generate a notary bundle:
+
+#+BEGIN_SRC: bash
+convergence-bundle
+#+END_SRC
+
+Enter your name, nickname, handle or whatever.
+
+For the bundle location enter https://mydomainname.com/convergence.notary
+
+For the Hostname enter your domain name
+
+For SSL port enter *8433* and for HTTP port nter *8432*
+
+For the pem file enter */etc/ssl/certs/mynotary.pem*
+
+#+BEGIN_SRC: bash
+export HOSTNAME=mydomainname.com
+mv mynotarybundle.notary /var/www/$HOSTNAME/htdocs/convergence.notary
+chown www-data:www-data /var/www/$HOSTNAME/htdocs/convergence.notary
+#+END_SRC
+
+Now open ports 8432 and 8433 on your internet router or firewall and direct it to the BBB.
+
+*** Using Convergence
+On a computer which is not the BBB (your laptop, etc):
+
+Install the browser plugin by navigating to https://convergence.io or a backup copy also exists at http://freedombone.uk.to/convergence-current.xpi
+
+After installation restart your browser.
+
+You will notice that an icon appears in the top right corner of the browser, which resembles a lock and two plus signs.  Click on the down arrow to the right of it and select *options*.
 ** Install Tripwire
 
 #+BEGIN_VERSE
 | XMPP (server) |       5269 |
 | XMPP (BOSH)   | 5280..5281 |
 | Bitmessage    |       8444 |
+| Convergence   | 8432..8433 |
 
 * Hints and Tips
 ** Messaging security
 
 See documentation in /usr/share/doc/kune/INSTALL.gz
 
-** Add a Convergenge notary
-Convergence is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable and largely untrusted CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.  For more details see [[http://convergence.io][convergence.io]]
-
-#+BEGIN_SRC: bash
-apt-get install python python-twisted-web python-twisted-names python-m2crypto python-openssl
-cd /tmp
-wget http://freedombone.uk.to/convergence-notary-current.tar.gz
-#+END_SRC
-
-Verify it:
-
-#+BEGIN_SRC: bash
-sha256sum convergence-notary-current.tar.gz
-6d3f7f30649c174c58ef4d719498d33737ddfa229f3d7fc51af0162b590d719b
-#+END_SRC
-
-Install it:
-
-#+BEGIN_SRC: bash
-tar zxvf convergence-notary-current.tar.gz
-cd convergence-0.4
-python ./setup.py install
-#+END_SRC
-
-Generate a key pair:
-
-#+BEGIN_SRC: bash
-convergence-gencert
-#+END_SRC
-
-When asked for a challenge password just hit *Enter* a couple of times.  Then move the key pair to the appropriate directories as follows.
-
-#+BEGIN_SRC: bash
-mv mynotary.key /etc/ssl/private
-chmod 400 /etc/ssl/private/mynotary.key
-mv mynotary.pem /etc/ssl/certs
-#+END_SRC
-
-Now create the database:
-
-#+BEGIN_SRC: bash
-convergence-createdb
-#+END_SRC
-
-Create an initialisation script:
-
-#+BEGIN_SRC: bash
-convergence-notary -p 8432 -s 8433 -c /etc/ssl/certs/mynotary.pem -k /etc/ssl/private/mynotary.key
-#+END_SRC
-
-An initialisation script will be created automatically within /etc/init.d.
-
-Generate a notary bundle:
-
-#+BEGIN_SRC: bash
-convergence-bundle
-#+END_SRC
-
-Enter your name, nickname, handle or whatever.
-
-For the bundle location enter https://mydomainname.com/convergence.notary
-
-For the Hostname press Enter.
-
-#+BEGIN_SRC: bash
-export HOSTNAME=mydomainname.com
-mv mynotarybundle.notary /var/www/$HOSTNAME/htdocs/convergence.notary
-chown www-data:www-data /var/www/$HOSTNAME/htdocs/convergence.notary
-#+END_SRC
-
-Now open ports 8432 and 8433 on your internet router or firewall and direct it to the BBB.
-
 * Related projects
 
   * [[https://freedomboxfoundation.org/][Freedombox]]