{direct link: cryptostorm.org/miyamoto}
config available here on-forum, and via github
After more than the usual amount of concerted effort, we are pleased to put in full production status the first ("anchor") exitnode for our Tokyo, Japan exitnode cluster. It has been our intention to provide cryptostorm exit capacity here for quite some time - nearly two years, in fact. As we have a number of good friends & colleagues who reside there, we have been looking for opportunities to provide useful capability in this geographic space.
However, there have been some challenges and it was only when we were comfortable with our solutions that we made the decision to act.
Historically, colocation-based server capacity was difficult to obtain in Japan itself; some of this was the result of governmental regulation, some simply reflected challenges in working between cultures. For example, we were unsuccessful in explaining the "month-to-month server lease" concept, in past years, to potential datacentre providers who were comfortable with large corporate customers entering into years-long contractual relationships after extensive negotiations.
As time went by, we found those limitations becoming less of a problem but still there remained a lack of datacentres providing genuine "bare metal" servers for clients from outside Japan. For us this is a non-negotiable issue, as the security consequences of VM (virtual machine) exitnodes are simply unacceptable in a security-intensive context such as ours.
After this long search, we did identify a datacentre that was promising and seemed comfortable working with our style of details-oriented, technically aggressive network resource administration (translation: we're a picky, obsessive, highly engaged customer for datacentres and sometimes they prefer less technically inclined customers as they are easier to... market to, shall we say?).
However, as we began our work in stripping the machine down to post-BIOS state and installing our "stormnode" kernel and related components (a modified RHEL distro w/ full grsec mod implementation & extensive removal of unnecessary package structures, post-compile), we noted inconsistencies in the baseline kernel builds we were seeing on the machine. As the initial 'footprint' for the install came via network-delivered installer packages, we had concerns their integrity had been broken along the way. This we discussed with onsite datacentre technical staff, via our intermediaries in the project, and in the end we don't feel the datacentre was involved in anything untoward - but we also do not have an explanation that we can back with sufficient data to be considered definitive.
That kind of investigative research, while often interesting and useful for overall security community publication, is not our core focus and in this case our drive was to produce an as-installed kernel and production context that we are confident has binary-level integrity and has not been subject to mutation by hostile processes during installation or afterwards. After going through more kernel reinstall cycles than we care to remember, we finally were able to produce a machine that passed all integrity checks with flying colours: miyamoto.
২ ২ ২
As is cryptostorm tradition, we asked folks connected with our main twitter account for suggestions on naming the anchor node in our Japanese cluster. There were quite a few excellent ones, and we'll likely be using those as the cluster expands with additional nodes (we do refer to one-node clusters as "clusters," since we'd have to shift naming conventions otherwise, when redundant capacity comes online as is standard practice for our cluster management). However, it was not possible for us to choose anything but miyamoto, referencing Musashi Miyamoto but inevitably also bringing to mind the legendary Shigeru Miyamoto of Nintendo.
Musashi Miyamoto | 宮本 武蔵: author of "五輪の書" ("The Book of Five Rings"), calligrapher, Buddhist, scholar, rōnin. In his own words:
I have trained in the way of strategy since my youth, and at the age of thirteen I fought a duel for the first time. My opponent was called Arima Kihei, a sword adept of the Shinto ryū, and I defeated him. At the age of sixteen I defeated a powerful adept by the name of Akiyama, who came from Tajima Province. At the age of twenty-one I went up to Kyōtō and fought duels with several adepts of the sword from famous schools, but I never lost.
Musashi's development and mastery of double-sword technique - known both as niten'ichi (二天一 | "two heavens as one") and nitōichi (二刀一 | "two swords as one") - is often said to be a supreme expression of the art of swordsmanship, and masters of this technique in the intervening centuries are minuscule in number. Rather than the limited elegance of two-handed long sword use, he saw the potential for a fluid, elegant, profoundly effective two-handed/two-swords practice... even though this did not exist yet. Undaunted by its nonexistence and perhaps even a little bit drawn to this, he crafted it himself and shared it with students and readers of his words.
At the same time, there is a dual-edged nature to Musashi's spirit: a warrior who fought dozens of battles to the death, and yet also a scholar and Buddhist. Although it is easy to simply assume these were "two sides" of him, we feel the deeper perspective recognizes that a thing has no "sides" but rather encompasses multitudes and expresses these elements depending on circumstances. His contributions as an artist, later in life, show him to be fully-fleshed as a sentient being and not merely a killing machine.
Much has been written, and much is worth reading, when it comes to Musashi's wisdom. Here are some starting resources, for those interested:
宮本 | Miyamoto, Musashi's surname and the name of his birth village, can be translated into English as "base of the shrine" and we hope this proves to be an auspicious choice as anchor for our Japanese resources. In combination with the soon-to-be-released native Japanese translation of our Windows connection 'widget,' it is a strong step forward in our work to assist modern-day network rōnin as they embrace the complexity of whatever pathways life presents for them in their travels.
ありがとうございました。
~ cryptostorm_team