Mercurial > hg > anonet-resdb
comparison doc/www.anonet2.org/public_pod/faq.pod @ 57:0579cf4cc59a draft
minor fixes and updates
| author | Nick <nick@somerandomnick.ano> |
|---|---|
| date | Wed, 16 Jun 2010 03:43:53 +0000 |
| parents | 412a2ce1326a |
| children | a34c72e28c98 |
comparison
equal
deleted
inserted
replaced
| 56:d2e2d8432e91 | 57:0579cf4cc59a |
|---|---|
| 6 | 6 |
| 7 =over | 7 =over |
| 8 | 8 |
| 9 =item Why do you use 1.0.0.0/8? It's been assigned to APNIC. You should use private (RFC1918) address space like 10.0.0.0/8. | 9 =item Why do you use 1.0.0.0/8? It's been assigned to APNIC. You should use private (RFC1918) address space like 10.0.0.0/8. |
| 10 | 10 |
| 11 AnoNet is a public network, and as such it should use public address space. ICANN (a private corporation) controls the public resources on the IcannNet (a.k.a. the "public" Internet), and has delegated 1.0.0.0/8 on the IcannNet to APNIC. AnoNet is a separate public network, that doesn't answer to ICANN (nor to anybody else, for that matter). Now, that said, when AnoNet started using 1.0.0.0/8 it was reserved (i.e., not to be allocated), but because of ICANN's mismanagement of the IPv4 address space (which is why nearly all 4 billion addresses have already been assigned, in a world with only 6 billion total people, including all the starving babies in Africa who don't even know yet what a computer is), ICANN had to take 1.0.0.0/8 out of its "reserved" pool and to put it into the "assignable" pool. AnoNet has no control over ICANN policy, so while AnoNet did attempt to avoid directly conflicting with IcannNet addresses, ICANN ultimately made sure that attempt would fail. (If you'd like to connect to an internet with address space that's still in the ICANN "reserved" pool, you may want to try VAnet.) Using private address space is inappropriate for a public network, per RFC1918. (If you'd like to connect to an internet that uses private address space anyway, you may want to try dn42 at L<http://www.dn42.net/>.) | 11 AnoNet is a public network, and as such it should use public address |
| 12 space. ICANN (a private corporation) controls the public resources on | |
| 13 the IcannNet (a.k.a. the "public" Internet), and has delegated 1.0.0.0/8 | |
| 14 on the IcannNet to APNIC. AnoNet is a separate public network, that | |
| 15 doesn't answer to ICANN (nor to anybody else, for that matter). Now, | |
| 16 that said, when AnoNet started using 1.0.0.0/8 it was reserved (i.e., | |
| 17 not to be allocated), but because of ICANN's mismanagement of the IPv4 | |
| 18 address space (which is why nearly all 4 billion addresses have already | |
| 19 been assigned, in a world with only 6 billion total people, including all | |
| 20 the starving babies in Africa who don't even know yet what a computer is), | |
| 21 ICANN had to take 1.0.0.0/8 out of its "reserved" pool and to put it into | |
| 22 the "assignable" pool. AnoNet has no control over ICANN policy, so while | |
| 23 AnoNet did attempt to avoid directly conflicting with IcannNet addresses, | |
| 24 ICANN ultimately made sure that attempt would fail. (If you'd like to | |
| 25 connect to an internet with address space that's still in the ICANN | |
| 26 "reserved" pool, you may want to try VAnet.) Using private address | |
| 27 space is inappropriate for a public network, per RFC1918. (If you'd | |
| 28 like to connect to an internet that uses private address space anyway, | |
| 29 you may want to try dn42 at L<http://www.dn42.net/>.) | |
| 12 | 30 |
| 13 =item If you use 1.0.0.0/8, you're squatting on somebody else's resources. | 31 =item If you use 1.0.0.0/8, you're squatting on somebody else's resources. |
| 14 | 32 |
| 15 If you use 1.0.0.0/8 on the IcannNet, then your statement is correct, but AnoNet and IcannNet are two totally separate public networks, so it's ridiculous to accuse a participant in one to be squatting on resources on the other. ICANN has no divine right to 1.0.0.0/8 (nor to any other netblock, for that matter) outside the IcannNet. | 33 If you use 1.0.0.0/8 on the IcannNet, then your statement is correct, |
| 34 but AnoNet and IcannNet are two totally separate public networks, | |
| 35 so it's ridiculous to accuse a participant in one to be squatting | |
| 36 on resources on the other. ICANN has no divine right to 1.0.0.0/8 | |
| 37 (nor to any other netblock, for that matter) outside the IcannNet. | |
| 38 Moreover, using 10.0.0.0/8 I<would> be squatting on private address | |
| 39 space (address space that's reserved for your own home network), | |
| 40 per RFC1918. (While AnoNet couldn't care less about ICANN, we do use | |
| 41 the IETF protocols (with s/IcannNet/AnoNet/), so if the IETF says that | |
| 42 10.0.0.0/8 is reserved for your own home network, far be it from us to | |
| 43 steal it for some "public" network.) | |
| 16 | 44 |
| 17 =item AnoNet runs on the IcannNet. Therefore, you _are_ squatting. | 45 =item AnoNet runs on the IcannNet. Therefore, you _are_ squatting. |
| 18 | 46 |
| 19 That last accusation has no logical basis. Just because most AnoNet links are tunneled over the IcannNet doesn't give ICANN a right to rule the content of those tunnels. | 47 That last accusation has no logical basis. Just because most AnoNet |
| 48 links are tunneled over the IcannNet doesn't give ICANN a right to rule | |
| 49 the content of those tunnels. | |
| 20 | 50 |
| 21 =item You should move to IPv6, then. | 51 =item You should move to IPv6, then. |
| 22 | 52 |
| 23 AnoNet has no rules, so you're more than welcome to move to IPv6, and/or to try to convince others to do the same. As long as you don't start out with unrealistic expectations, you probably won't be disappointed with the results of your preaching effort. | 53 AnoNet has no rules, so you're more than welcome to move to IPv6, and/or |
| 54 to try to convince others to do the same. As long as you don't start | |
| 55 out with unrealistic expectations, you probably won't be disappointed | |
| 56 with the results of your preaching effort. | |
| 24 | 57 |
| 25 =back | 58 =back |
| 26 | 59 |
| 27 =head2 Peering | 60 =head2 Peering |
| 28 | 61 |
| 29 =over | 62 =over |
| 30 | 63 |
| 31 =item What is peering all about? | 64 =item What is peering all about? |
| 32 | 65 |
| 33 AnoNet is an internet. An internet means an internetwork, or a network that connects between networks. An internetwork is normally constructed by making links between the different networks, and then carrying internetwork traffic along those links. (If network A has a link to network B, then traffic from A to B or from B to A should probably pass through that link.) Such a link is called a "peering," and the two sides of that link are called "peers." On the IcannNet, peerings are normally done over leased lines, but due to the nature of AnoNet, using leased lines isn't much of an option for most peerings. Therefore, most peerings are done over tunnels on the IcannNet. The most common software for AnoNet tunnels is OpenVPN, although tinc and quicktuns are also used. (tinc in particular deserves special attention: it can create a mesh between participants, sacrificing anonymity to achieve lower latency.) | 66 AnoNet is an internet. An internet means an internetwork, or a network |
| 67 that connects between networks. An internetwork is normally constructed | |
| 68 by making links between the different networks, and then carrying | |
| 69 internetwork traffic along those links. (If network A has a link to | |
| 70 network B, then traffic from A to B or from B to A should probably pass | |
| 71 through that link.) Such a link is called a "peering," and the two | |
| 72 sides of that link are called "peers." On the IcannNet, peerings are | |
| 73 normally done over leased lines, but due to the nature of AnoNet, using | |
| 74 leased lines isn't much of an option for most peerings. Therefore, most | |
| 75 peerings are done over tunnels on the IcannNet. The most common software | |
| 76 for AnoNet tunnels is OpenVPN, although tinc and quicktuns are also used. | |
| 77 (tinc in particular deserves special attention: it can create a mesh | |
| 78 between participants, sacrificing anonymity to achieve lower latency.) | |
| 34 | 79 |
| 35 =item Whom should I peer with? | 80 =item Whom should I peer with? |
| 36 | 81 |
| 37 If you want to protect your anonymity, you'll want to peer with only a few others. If you're more interested in getting good latency, you'll want a more promiscuous peering policy. Your peers are able to access certain information (like your IP) that isn't easy for others to access, so the harm in having too many peers is that the secrecy of that information is protected by the "weakest" link. (The greater the number of people who know a secret, the greater the number of people who are likely to hear about it within a given time interval.) | 82 If you want to protect your anonymity, you'll want to peer with only |
| 83 a few others. If you're more interested in getting good latency, | |
| 84 you'll want a more promiscuous peering policy. Your peers are able to | |
| 85 access certain information (like your IP) that isn't easy for others | |
| 86 to access, so the harm in having too many peers is that the secrecy of | |
| 87 that information is protected by the "weakest" link. (The greater the | |
| 88 number of people who know a secret, the greater the number of people | |
| 89 who are likely to hear about it within a given time interval.) | |
| 38 | 90 |
| 39 =item How can I talk to the rest of AnoNet, if I'm only peered with a few others? | 91 =item How can I talk to the rest of AnoNet, if I'm only peered with a few others? |
| 40 | 92 |
| 41 How can you talk to Google, if you're only hooked up to your local ISP? The answer is that your ISP offers you "transit" to its peers, which in turn offer your ISP transit to their peers, etc. (If network A is connected to network B, which itself is connected to network C, then with B's permission network A can talk to network C.) On AnoNet, most peerings have BGP sessions managing the routing tables on both sides, in order to provide mutual transit. (On AnoNet, providing transit is an advantage, since it improves your own anonymity.) | 93 How can you talk to Google, if you're only hooked up to your local ISP? |
| 94 The answer is that your ISP offers you "transit" to its peers, which | |
| 95 in turn offer your ISP transit to their peers, etc. (If network A is | |
| 96 connected to network B, which itself is connected to network C, then | |
| 97 with B's permission network A can talk to network C.) On AnoNet, most | |
| 98 peerings have BGP sessions managing the routing tables on both sides, | |
| 99 in order to provide mutual transit. (On AnoNet, providing transit is | |
| 100 an advantage, since it improves your own anonymity.) | |
| 42 | 101 |
| 43 =item Won't providing transit slow down my Internet connection? | 102 =item Won't providing transit slow down my Internet connection? |
| 44 | 103 |
| 45 If you're the preferred transit provider between two guys who feel like streaming a whole ton of real-time studio-quality video back and forth all day, that can certainly slow down (to put it mildly) your dial-up connection. In reality, most traffic on AnoNet is plain text, so you probably don't have too much to worry about, especially if you have some sort of broadband connection. That said, if it ever _does_ become an issue, all you have to do is stop providing transit (although the particular case above is unlikely to persist even if you do nothing at all, since the two streaming guys will quickly figure out that going through you won't get them anywhere, and they'll most likely seek another transit provider - or even just peer with each other directly), or use simple BGP tricks to make transit through you less attractive to some or all of the AnoNet. | 104 If you're the preferred transit provider between two guys who feel |
| 105 like streaming a whole ton of real-time studio-quality video back and | |
| 106 forth all day, that can certainly slow down (to put it mildly) your | |
| 107 dial-up connection. In reality, most traffic on AnoNet is plain text, | |
| 108 so you probably don't have too much to worry about, especially if you | |
| 109 have some sort of broadband connection. That said, if it ever _does_ | |
| 110 become an issue, all you have to do is stop providing transit (although | |
| 111 the particular case above is unlikely to persist even if you do nothing | |
| 112 at all, since the two streaming guys will quickly figure out that going | |
| 113 through you won't get them anywhere, and they'll most likely seek another | |
| 114 transit provider - or even just peer with each other directly), or use | |
| 115 simple BGP tricks to make transit through you less attractive to some | |
| 116 or all of the AnoNet. | |
| 46 | 117 |
| 47 =back | 118 =back |
| 48 | 119 |
| 49 =head2 DNS | 120 =head2 DNS |
| 50 | 121 |
| 51 =over | 122 =over |
| 52 | 123 |
| 53 =item How is DNS handled on AnoNet? | 124 =item How is DNS handled on AnoNet? |
| 54 | 125 |
| 55 AnoNet has a number of TLDs (Top-Level Domains), the most interesting one being .ano. The entire zone is public (unlike, say, the .com zone on the IcannNet), so you can easily deploy your own TLD nameservers. In fact, the git resdb already includes scripts to generate both tinydns and BIND zonefiles automatically. That said, SRN has public root and TLD nameservers, if you don't feel like setting up your own. SRN also has a public recursive resolver (which also resolves IcannNet names), which you can use if you can't even be bothered to set up your own recursive resolver. Please note that you're telling SRN about all hostnames that you lookup if you do this. (Right now, you're probably telling your ISP the same information, BTW.) | 126 AnoNet has a number of TLDs (Top-Level Domains), the most interesting |
| 127 one being .ano. The entire zone is public (unlike, say, the .com zone | |
| 128 on the IcannNet), so you can easily deploy your own TLD nameservers. | |
| 129 In fact, the git resdb already includes scripts to generate both | |
| 130 tinydns and BIND zonefiles automatically. That said, SRN has public | |
| 131 root and TLD nameservers, if you don't feel like setting up your own. | |
| 132 SRN also has a public recursive resolver (which also resolves IcannNet | |
| 133 names), which you can use if you can't even be bothered to set up your | |
| 134 own recursive resolver. Please note that you're telling SRN about all | |
| 135 hostnames that you lookup if you do this. (Right now, you're probably | |
| 136 telling your ISP the same information, BTW.) | |
| 56 | 137 |
| 57 =item I want my own domain. How can I set it up? | 138 =item I want my own domain. How can I set it up? |
| 58 | 139 |
| 59 You have a number of options, depending on (a) your current infrastructure, and (b) your interest/ability to deploy additional infrastructure. The resource database is just a whole bunch of directories/files stored in a git repository, so adding a domain into "AnoNet" essentially boils down to adding the right files/directories into everybody's git repository. (Fortunately, most guys send and receive updates among themselves on a regular basis, so your new domain should "propagate" around rather quickly, once it's made its way into one repository.) If you have git, you can "git clone" the repository from someone, add your domain (there's a small script to make the job easy, if you don't want to do it by hand), and then send someone a diff. If you feel like setting up your own git server, then all you have to do is make the changes on your own repo, and then tell somebody the URL to your git server. You'll probably want to take advantage of the same opportunity to add your own git URL into the resource database, so others can pull from you on a regular basis. If you don't have git and don't feel like setting it up, all you have to do is find someone else who does have git (or feels like setting it up), and doesn't mind making the changes for you. SRN is always such a "someone." Next, you'll want to set up your nameservers to resolve names within your domain. If you have tinydns or BIND, just read the relevant documentation. If you don't have a nameserver and don't feel like setting one up, tell SRN what names you want (like "www.yourdomain.ano," "ftp.yourdomain.ano," etc.), and he'll add them into his own nameservers. | 140 You have a number of options, depending on (a) your current |
| 141 infrastructure, and (b) your interest/ability to deploy additional | |
| 142 infrastructure. The resource database is just a whole bunch of | |
| 143 directories/files stored in a git repository, so adding a domain into | |
| 144 "AnoNet" essentially boils down to adding the right files/directories into | |
| 145 everybody's git repository. (Fortunately, most guys send and receive | |
| 146 updates among themselves on a regular basis, so your new domain should | |
| 147 "propagate" around rather quickly, once it's made its way into one | |
| 148 repository.) If you have git, you can "git clone" the repository from | |
| 149 someone, add your domain (there's a small script to make the job easy, | |
| 150 if you don't want to do it by hand), and then send someone a diff. | |
| 151 If you feel like setting up your own git server, then all you have to | |
| 152 do is make the changes on your own repo, and then tell somebody the URL | |
| 153 to your git server. You'll probably want to take advantage of the same | |
| 154 opportunity to add your own git URL into the resource database, so others | |
| 155 can pull from you on a regular basis. If you don't have git and don't | |
| 156 feel like setting it up, all you have to do is find someone else who | |
| 157 does have git (or feels like setting it up), and doesn't mind making | |
| 158 the changes for you. SRN is always such a "someone." Next, you'll | |
| 159 want to set up your nameservers to resolve names within your domain. | |
| 160 If you have tinydns or BIND, just read the relevant documentation. | |
| 161 If you don't have a nameserver and don't feel like setting one up, tell | |
| 162 SRN what names you want (like "www.yourdomain.ano," "ftp.yourdomain.ano," | |
| 163 etc.), and he'll add them into his own nameservers. | |
| 60 | 164 |
| 61 =item What can I do with my own domain? | 165 =item What can I do with my own domain? |
| 62 | 166 |
| 63 You can host Web pages, an FTP site, IRC, email, an online shop (but taking payments may not be simple), or anything else that strikes your fancy. | 167 You can host Web pages, an FTP site, IRC, email, an online shop (but |
| 168 taking payments may not be simple), or anything else that strikes | |
| 169 your fancy. | |
| 64 | 170 |
| 65 =back | 171 =back |
| 66 | 172 |
| 67 =head2 Censorship | 173 =head2 Censorship |
| 68 | 174 |
| 69 =over | 175 =over |
| 70 | 176 |
| 71 =item Is it safe to speak my mind on AnoNet? | 177 =item Is it safe to speak my mind on AnoNet? |
| 72 | 178 |
| 73 The short answer is "probably." The long answer is that nobody has ever been censored on AnoNet2, a fact that's not likely to change. (If that fact ever does change, it'll be noted here as soon as possible.) | 179 The short answer is "probably." The long answer is that nobody has |
| 180 ever been censored on AnoNet2, a fact that's not likely to change. | |
| 181 (If that fact ever does change, it'll be noted here as soon as possible.) | |
| 74 | 182 |
| 75 =item Will I be censored for child porn? | 183 =item Will I be censored for child porn? |
| 76 | 184 |
| 77 AnoNet1 has an official policy against CP, and it redefines "censorship" to not include censoring CP. AnoNet2 has no policies. That said, you're not likely to find any CP here, since that's simply not a common contribution to AnoNet2. (Whether or not it'd be a welcome contribution is something you'll want to take up with individual participants. SRN would like you to know that he believes the CP (and porn, in general) industry destroys the world for no useful purpose. Nobody else has voiced an opinion here.) | 185 AnoNet1 has an official policy against CP, and it redefines "censorship" |
| 186 to not include censoring CP. AnoNet2 has no policies. That said, | |
| 187 you're not likely to find any CP here, since that's simply not a common | |
| 188 contribution to AnoNet2. (Whether or not it'd be a welcome contribution | |
| 189 is something you'll want to take up with individual participants. | |
| 190 SRN would like you to know that he believes the CP (and porn, in general) | |
| 191 industry destroys the world for no useful purpose. Nobody else has | |
| 192 voiced an opinion here.) | |
| 78 | 193 |
| 79 =item Will I be censored for hateful speech? | 194 =item Will I be censored for hateful speech? |
| 80 | 195 |
| 81 It depends on the forum. If you do it on your own server, don't expect too many people to hang around there if you make a practice of making it unpleasant for them to be there. If you start cursing people out on somebody else's IRC server for no apparent reason, there's a non-trivial chance that the operator will /kill your connection. SRN encourages you to set up your own channel on irc.somerandomnick.ano, and to say whatever the heck you want there. | 196 It depends on the forum. If you do it on your own server, don't expect |
| 197 too many people to hang around there if you make a practice of making | |
| 198 it unpleasant for them to be there. If you start cursing people out on | |
| 199 somebody else's IRC server for no apparent reason, there's a non-trivial | |
| 200 chance that the operator will /kill your connection. SRN encourages | |
| 201 you to set up your own channel on irc.somerandomnick.ano, and to say | |
| 202 whatever the heck you want there. | |
| 82 | 203 |
| 83 =item Will I be censored for trolling? | 204 =item Will I be censored for trolling? |
| 84 | 205 |
| 85 Since "trolling" is an overly ambiguous term, it's highly unlikely that you'll ever get /kicked or /killed for doing it. In fact, SRN encourages you to out-troll him on irc.somerandomnick.ano. That said, you should certainly expect people to /ignore you if you make a practice of saying stuff that people really don't want to hear. (You may want to create a separate IRC nick for trolling, if you anticipate trolling a lot, but want people to still hear you when you have something interesting to say.) | 206 Since "trolling" is an overly ambiguous term, it's highly unlikely that |
| 207 you'll ever get /kicked or /killed for doing it. In fact, SRN encourages | |
| 208 you to see if you can out-troll him on irc.somerandomnick.ano. That said, | |
| 209 you should certainly expect people to /ignore you if you make a practice | |
| 210 of saying stuff that people really don't want to hear. (You may want to | |
| 211 create a separate IRC nick for trolling, if you anticipate trolling a lot, | |
| 212 but want people to still hear you when you have something interesting | |
| 213 to say: this way, everybody wins.) | |
| 86 | 214 |
| 87 =item Will I be censored for spreading lies? | 215 =item Will I be censored for spreading lies? |
| 88 | 216 |
| 89 not likely, but people may /ignore you if you make a practice of saying stuff that people don't want to hear | 217 not likely, but people may /ignore you if you make a practice of saying |
| 90 | 218 stuff that people don't consider worth hearing |
| 91 =back | 219 |
| 220 =back |