• Cabal

    From NuSkooler@21:1/121 to All on Thu Dec 31 16:24:33 2020
    Something I've been experimenting with lately is Cabal (https://cabal.chat), a fully decentralized and encrypted chat platform.

    The TL;DR:
    * FULLY decentralized: If a node goes away and never comes back, that's fine. No central "owner".
    * Anyone with the proper secret key (cabal://longhashhere) can partipate in chat. Anyone else is out of luck (e.g. no wire snooping)
    * In general, IRC-like
    * Existing TUI works great with 80x25/ANSI

    What are others thoughts on this? We have IRC (which _can_ be encrypted, but you need a central server to enforce it), we have MRC (which I love, and is certainly a bit more *BBS* oriented, but not decentralized or encrypted).



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From deon@21:2/116 to NuSkooler on Fri Jan 1 10:38:53 2021
    Re: Cabal
    By: NuSkooler to All on Thu Dec 31 2020 04:24 pm

    Howdy,

    Happy New Year!

    Something I've been experimenting with lately is Cabal (https://cabal.chat), a fully decentralized and encrypted chat
    platform.

    What are others thoughts on this? We have IRC (which _can_ be encrypted, but you need a central server to enforce it), we
    have MRC (which I love, and is certainly a bit more *BBS* oriented, but not decentralized or encrypted).

    Ive been playing with matrix for the same reasons.

    With matrix you can write "plugins", so that you can bring in chats with other environments - I was thinking of trying to see if I could run a echomail area via it - but too many other things to do first.

    I use matrix hooked up to Synchronet's IRC - works well...

    ...ëîåï

    ... Illiteratets of the wlord. Untie!
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From paulie420@21:2/150 to NuSkooler on Thu Dec 31 17:48:32 2020
    Something I've been experimenting with lately is Cabal (https://cabal.chat), afully decentralized and encrypted chat platform.

    The TL;DR:
    * FULLY decentralized: If a node goes away and never comes back, that's fine.No central "owner".
    * Anyone with the proper secret key (cabal://longhashhere) can partipate inchat. Anyone else is out of luck (e.g. no wire snooping)
    * In general, IRC-like
    * Existing TUI works great with 80x25/ANSI

    What are others thoughts on this? We have IRC (which _can_ be encrypted, butyou need a central server to enforce it), we have MRC (which I love, and iscertainly a bit more *BBS* oriented, but not decentralized or encrypted).



    Interesting... above my pay scale, but I'm sure I could enjoy it as a user... I love MRC, and use it. I've always been a fan of IRC, and have used it over the decades for many different things. I'm also on the Discord bandwagon.. because its awesome, and feature-rich....

    I'd love some text based chat that had better features than IRC, or MRC... altho both of those work for what I need. My wants, tho... would be Discord-level features, with encryption in a text mode chat service.

    Thanks for turning me on to Cabal, although I don't know if I'll be able to implement it anywhere worthwhile.



    |07p|15AULIE|1142|07o
    |08.........

    --- Mystic BBS v1.12 A47 2020/11/23 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
  • From Vk3jed@21:1/109 to NuSkooler on Fri Jan 1 17:50:00 2021
    On 12-31-20 16:24, NuSkooler wrote to All <=-

    Something I've been experimenting with lately is Cabal (https://cabal.chat), a fully decentralized and encrypted chat
    platform.

    Sounds interesting. :)


    ... You don't know what you are, do you?
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to deon on Fri Jan 1 17:51:00 2021
    On 01-01-21 10:38, deon wrote to NuSkooler <=-

    Ive been playing with matrix for the same reasons.

    With matrix you can write "plugins", so that you can bring in chats
    with other environments - I was thinking of trying to see if I could
    run a echomail area via it - but too many other things to do first.

    I use matrix hooked up to Synchronet's IRC - works well...

    Now this sounds really cool too. :)


    ... Have you ever imagined a world with no hypothetical situations?
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From NuSkooler@21:1/121 to deon on Fri Jan 1 12:20:26 2021

    deon around Saturday, January 2nd...
    With matrix you can write "plugins", so that you can bring in chats with other environments - I was thinking of trying to see if I could run a echomail area via it - but too many other things to do first.

    EchoMail is something I have on my list to look into for decentralized as well. I love the idea of decentralized and fully E2E Echo.



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Oli@21:3/102 to NuSkooler on Fri Jan 1 19:43:22 2021
    NuSkooler wrote (2020-12-31):

    Something I've been experimenting with lately is Cabal (https://cabal.chat), a fully decentralized and encrypted chat platform.

    The TL;DR:
    * FULLY decentralized: If a node goes away and never comes back, that's fine. No central "owner".
    * Anyone with the proper secret key (cabal://longhashhere) can partipate
    in chat. Anyone else is out of luck (e.g. no wire snooping)
    * In general, IRC-like
    * Existing TUI works great with 80x25/ANSI

    What are others thoughts on this? We have IRC (which _can_ be encrypted, but you need a central server to enforce it), we have MRC (which I love, and is certainly a bit more *BBS* oriented, but not decentralized or encrypted).

    New chat/messaging systems come and go while the world has settled for slack, whatsapp, wechat, telegram, discord for the next couple of years. No open p2p chat was ever successful and most p2p chats never addressed the problem with power consumption on mobile devices. Is text chat still a thing or is it all video conferences nowadays? ;)

    I think the cabal encryption is completely stupid. If you have the key, you have access to all messages in the channel (if any of the participants is still online). Keys/URLs leak easily (someone posts it on twitter, ...). Also nothing special with cabal that hasn't been done with other p2p chat software before (IMO). I also don't understand how Cabal is IRC like. IRC has all kind of permissions and offers public and non-public list of channels. How would you join cabal, if you don't have exchanged a key/URL by other means?

    A fully decentralized chat system that works for everyone with e2e encryption and useful features would be nice. I think federated communication systems have failed in one way or another: email, xmpp, fidonet, irc (not really federated), matrix. Unfortunately p2p chat seems to be one experimental implementation after another only few have ever heard of or used it. Most people are happy with the known centralized systems I mentioned above, because they just work (until they don't and then everybody moves on to the next one-to-rule-it-all service). (Telehash (by the creator of XMPP) looked really interesting, but it's missing an implementation and seems to be abandoned).

    I would propose extending binkp with a messaging extension, just for the sake of being based on retro technology ;-P

    ---
    * Origin: (21:3/102)
  • From Oli@21:3/102 to deon on Fri Jan 1 20:55:40 2021
    deon wrote (2021-01-01):

    With matrix you can write "plugins", so that you can bring in chats with other environments - I was thinking of trying to see if I could run a echomail area via it - but too many other things to do first.

    this sound really horrible.

    ---
    * Origin: (21:3/102)
  • From NuSkooler@21:1/121 to Oli on Fri Jan 1 22:29:29 2021

    On Saturday, January 2nd Oli muttered...
    New chat/messaging systems come and go while the world has settled for slack, whatsapp, wechat, telegram, discord for the next couple of years. No open p2p chat was ever successful and most p2p chats never addressed the problem with power consumption on mobile devices. Is text chat still a thing or is it all video conferences nowadays? ;)

    Not exactly the audience here. A number of us are on those, but clearly we're all using other 'non-standard' / non-mainstream systems. I have Cabal experimentally hooked up on Xibabla - users don't need to know/care that it's "Cabal", just that it works.


    On Saturday, January 2nd Oli said...
    I think the cabal encryption is completely stupid. If you have the key, you have access to all messages in the channel (if any of the participants is still online)

    Uh, you literally just described every single symetric key system. If you have the key, you can get in. Yes. That's how keys work. If I post the key to *anything* then "oops".

    Twas Saturday, January 2nd when Oli said...
    other p2p chat software before (IMO). I also don't understand how Cabal is IRC like. IRC has all kind of permissions and offers public and non-public list of channels.

    I can see you didn't try it or read their docs. Ther are channels, (decentralized) channel mods, so on.


    On Saturday, January 2nd Oli muttered...
    How would you join cabal, if you don't have
    exchanged a key/URL by other means?

    Not sure what this is asking. You wouldn't. You need the key to get in, that's the point.

    Twas Saturday, January 2nd when Oli said...
    A fully decentralized chat system that works for everyone with e2e encryption and useful features would be nice.

    ...but that's what this is.

    On Saturday, January 2nd Oli muttered...
    (Telehash (by the creator of XMPP) looked really interesting, but it's missing an implementation and seems to be abandoned).

    Yep



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From NuSkooler@21:1/121 to Oli on Fri Jan 1 22:29:58 2021

    On Saturday, January 2nd Oli said...
    this sound really horrible.

    Amazing insight.


    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Oli@21:3/102 to NuSkooler on Sat Jan 2 10:36:26 2021
    NuSkooler wrote (2021-01-01):

    I think the cabal encryption is completely stupid. If you have the
    key, you have access to all messages in the channel (if any of the
    participants is still online)

    Uh, you literally just described every single symetric key system. If you have the key, you can get in. Yes. That's how keys work. If I post the
    key to *anything* then "oops".

    Which symmetric key systems that are used in internet software are you talking about? TLS connections, Signal, Whatsapp, Matrix Olm/Megolm, XMPP OMEMO are using symmetric keys too, but they don't use the password for entering a chat as the symmetric key to encrypt the connection and all messages.

    "All traffic is encrypted using a symmetric key, meaning that anybody who has the cabal://abcdef key can read cabal network traffic."

    It suggest than a man-in-the middle can capture cabal network traffic and decrypt everything without even appearing as a participant in the channel if they know the key. Or capture traffic and decrypt it later when they get hold of the key.

    Which other messaging systems use this kind of simplistic encryption?

    Twas Saturday, January 2nd when Oli said...
    other p2p chat software before (IMO). I also don't understand how
    Cabal is IRC like. IRC has all kind of permissions and offers
    public and non-public list of channels.

    I can see you didn't try it or read their docs. Ther are channels, (decentralized) channel mods, so on.

    I don't see any docs on their website. Do you have a link to the docs.

    On Saturday, January 2nd Oli muttered...
    How would you join cabal, if you don't have
    exchanged a key/URL by other means?

    Not sure what this is asking. You wouldn't. You need the key to get in, that's the point.

    I can log in to IRC, Slack, Matrix, Rocket.Chat, Mattermost and see a list of channels and the channels I'm allowed to enter. I don't need to exchange keys/URLs over another medium.

    ---
    * Origin: (21:3/102)
  • From Bob Roberts@21:2/118 to Oli on Sat Jan 2 11:45:35 2021
    I would propose extending binkp with a messaging extension, just for the sake of being based on retro
    technology ;-P

    Haha. Good look getting that thru the FTSC.

    I like slack and discord. Both seem like logical progressions of IRC. Even if a "company" owns them, its not all bad. At least they are always up.

    Bob Roberts
    --- SBBSecho 3.12-Linux
    * Origin: Halls of Valhalla -=- San Francisco (21:2/118)
  • From NuSkooler@21:1/121 to Oli on Sat Jan 2 12:46:46 2021

    On Saturday, January 2nd Oli was heard saying...
    Which symmetric key systems that are used in internet software are you talking about? TLS connections, Signal, Whatsapp, Matrix Olm/Megolm, XMPP OMEMO are using symmetric keys too, but they don't use the password for entering a chat as the symmetric key to encrypt the connection and all messages.

    TLS uses public key crypto: Any client can communicate with the server that owns the *private* key -- the client must only trust the certificates served. You can use client auth with TLS as well where the server only trusts paritcular client certs.

    Signal lets users compare pub keys -- you establish trust between two users, then use keys to encrypt.

    The password in all of the above is in the key material.

    Users of Cabal do not "enter a password" either. It's there in the hash, which becomes a URL.

    On Saturday, January 2nd Oli said...
    It suggest than a man-in-the middle can capture cabal network traffic and decrypt everything without even appearing as a participant in the channel if they know the key.

    MITM works with public key (e.g. SSL/TLS) crypto via hijacking trust: Decrypt then re-encrypt with new Private Key whilst putting in a Certificate Authority that the client (victim) trusts or hopefully will trust.

    It's not applicable here.

    On Saturday, January 2nd Oli muttered...
    Or capture traffic and decrypt it later when they
    get hold of the key.

    Having the key in hand isn't some sort of hack, it's having the key in hand...


    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Avon@21:1/101 to NuSkooler on Mon Jan 4 09:53:46 2021
    On 31 Dec 2020 at 04:24p, NuSkooler pondered and said...

    Something I've been experimenting with lately is Cabal (https://cabal.chat), a fully decentralized and encrypted chat platform.

    This sort of thing interests me as well... sorry I'm a bit late to the party
    on this thread, just reading up on all of the chatter now :)

    What are others thoughts on this? We have IRC (which _can_ be encrypted, but you need a central server to enforce it), we have MRC (which I love, and is certainly a bit more *BBS* oriented, but not decentralized or encrypted).

    I'd like to see something like this for echomail vs a IRC/MRC style chat. Not sure how it would play out as have not given this much thought and the head
    is rather full of TO-DO items already (sigh) but yeah, thanks for posting
    this. I'll try to find some time to take a look/have a play.

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to deon on Mon Jan 4 09:56:03 2021
    On 01 Jan 2021 at 10:38a, deon pondered and said...

    Ive been playing with matrix for the same reasons.

    With matrix you can write "plugins", so that you can bring in chats with other environments - I was thinking of trying to see if I could run a echomail area via it - but too many other things to do first.

    I started to look at Matrix but have not made progress, like you I like the idea of leveraging something p2p/decentralized/encrypted for echomail.

    If/when you start on this, please let me know :)

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to NuSkooler on Mon Jan 4 09:56:39 2021
    On 01 Jan 2021 at 12:20p, NuSkooler pondered and said...

    EchoMail is something I have on my list to look into for decentralized
    as well.
    I love the idea of decentralized and fully E2E Echo.

    Yep sums up me also :)

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Bob Roberts@21:2/118 to Avon on Sun Jan 3 13:38:18 2021
    EchoMail is something I have on my list to look into for decentralized
    as well.
    I love the idea of decentralized and fully E2E Echo.

    Yep sums up me also :)

    Isn't that what the "Fidoweb" concept is? Any two nodes can connect and exchange Echomail which gets distributed to any links, and so on.... relying on de-dupe process in mail tossers to prevent total chaos.

    Bob Roberts
    --- SBBSecho 3.12-Linux
    * Origin: Halls of Valhalla -=- San Francisco (21:2/118)
  • From NuSkooler@21:1/121 to Avon on Sun Jan 3 14:55:20 2021

    Twas Tuesday, January 5th when Avon said...
    I'd like to see something like this for echomail vs a IRC/MRC style chat. Not sure how it would play out as have not given this much thought and the head is rather full of TO-DO items already (sigh) but yeah, thanks for posting this. I'll try to find some time to take a look/have a play.

    For chat, it "just works" with their CLI. But yeah, I'd really like to start thinking more about a distributed EchoMail system more. Something like this could certainly work.



    --
    |08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
    |08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
    |08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Charles Pierson@21:4/127 to Avon on Sun Jan 3 15:25:25 2021
    On 04 Jan 2021, Avon said the following...
    Ive been playing with matrix for the same reasons.

    With matrix you can write "plugins", so that you can bring in chats w other environments - I was thinking of trying to see if I could run a echomail area via it - but too many other things to do first.

    I started to look at Matrix but have not made progress, like you I like the idea of leveraging something p2p/decentralized/encrypted for
    echomail.

    If/when you start on this, please let me know :)


    It's an intwresting idea, If I'm understanding what you're talking about. Although decentrailized echomail I'm having a little trouble fuguring out.

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: theoasisbbs.ddns.net:1357 (21:4/127)
  • From NuSkooler@21:1/121 to Bob Roberts on Sun Jan 3 14:57:34 2021

    On Sunday, January 3rd Bob Roberts was heard saying...
    Isn't that what the "Fidoweb" concept is? Any two nodes can connect and exchange Echomail which gets distributed to any links, and so on.... relying on de-dupe process in mail tossers to prevent total chaos.

    To an extent. FTN still has a central owner and particular hubs. Something fully decentralized has neither.


    --
    |08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
    |08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
    |08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
    --- ENiGMA 1/2 v0.0.12-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Alpha@21:4/158 to NuSkooler on Sun Jan 3 14:35:16 2021
    To an extent. FTN still has a central owner and particular hubs.
    Something fully decentralized has neither.

    Love this idea. Happy to pitch in whatever way to explore/test this :)


    --- Talisman v0.9-dev (Linux/x86_64)
    * Origin: Corporation X BBS (21:4/158)
  • From Bob Roberts@21:2/118 to NuSkooler on Sun Jan 3 15:14:09 2021
    Isn't that what the "Fidoweb" concept is? Any two nodes can connect and
    exchange Echomail which gets distributed to any links, and so on....
    relying on de-dupe process in mail tossers to prevent total chaos.

    To an extent. FTN still has a central owner and particular hubs. Something fully decentralized has
    neither.

    Perhaps all that is needed is a distributed Nodelist? Basically each node would compile a copy of the nodelist based on their links. They would advertise those links across the network in a way that each node has a copy of what every other node is linked to. Nodes that don't connect/poll for a certain time period would be dropped by all other nodes.

    You would need a way to advertise how to get that initial first connection "in," and a way to prevent a rogue node from poisoning the network.

    Bob Roberts
    --- SBBSecho 3.12-Linux
    * Origin: Halls of Valhalla -=- San Francisco (21:2/118)