Post by cryptostorm_team » Sun Oct 19, 2014 2:21 am
{direct link: stormlink.cryptostorm.is}
This is a placeholder thread for discussion of what has colloquially come to be known as the "cryptostorm router" over the years - and which we're now officially referring to as "stormlink" (http://stormlink.is is the domain, although currently it's just parked on top of our main site). We've been asked about a "cryptostorm router" many, many times - and in general our reply has been twofold:
One, we support a passel of opensource router firmware frameworks and we're always happy to put the effort in necessary to support more. So if folks want to do router-side cstorm installs, excellent! We're 100% in favour of such topologies, and always have been. There's some excellent tutorials here in the connection guide subforum on doing router-based cryptostorm installs, and we've many network members running from the router.
Two, we've all along been (not so) secretly hoping that someone would come along and bundle up cryptostorm service with a hardware router and sell that bundled solution as a standalone product. Heck, we've pitched just that model to more than one prospective vendor... many of whom agree it sounds like a great idea. That's because it is a great idea. Sadly, none of these discussions has resulted in a commercially-available product thus far.
As a result, we've realised that we might need to do this in-house - or at least "prime the pump" with an in-house version - in order to get it into the market quickly and effectively.
Then came anonabox...
Sigh.
We're not going to weigh in on the details of that situation - nor are we going to join in the gleeful denunciations of the backers of anonabox. Partly that's a reflection of our distaste for mob-frenzy judgement-frenzies, and partly it's because we've not taken the time to really learn the facts of the whole thing - nor are we likely to ever take the time. So we're not passing judgement on the motives or decisions of those involved.
However, the anonabox kerfuffle certainly did demonstrate one thing clearly: people really, really want a customer-friendly, easy-to-use, cost-effective, plug-and-play appliance that will tunnel all their 'net traffic through a secure channel. That pent-up demand is simply not being met by geek-centric solutions that require flashing firmware, installing OS patches, compiling underlying libraries, configuring iptables, and so forth. We're not denigrating the great opensource projects out there which make these setups possible for the technically inclined; rather, we're observing that these solutions in and of themselves won't be useful for 95+% of folks out there.
Therefore: stormlink.
On the one hand, this is far from rocket science to implement - all the tools exist, thanks to good work by good opensource teams. Rather, it's a question of stringing them together securely, reliably, resiliently, and elegantly. That's not easy - but it's not like coding up some amazing new thing out of thin air, from scratch.
On the other hand... hardware. Yikes. We're not a hardware-based team, and don't pretend to be one. So when we see heavy hardware questions, we recognize that we're not subject matter experts and won't become subject matter experts overnight. But we've decided that, despite the spooky nature of hardware gizmos, this is a worthwhile project & we will dedicate the resources necessary to make it happen.
Already in twitter we've had the benefit of advice and information from some really well-qualified hardware experts - by opening this thread, we're hoping to gather that and more in one place where we can winnow it down to a product/project spec.
This is a project we need to do, and we're doing it. We're not rushing into it, but having had years to ponder it and wait for it to be "done right" by others, we do have a bit of useful perspective as a starting point. Plus, we do know a little bit about secure network service by now.
Our request: please share with us your questions, suggestions, recommendations, hard-won warnings, and so on. We'll do our best to leverage what we learn into the best, most elegant, most secure, most cost-effective route-based secure networking product we can create!
Thank you,
~ cryptostorm_team