Semantic search

Jump to: navigation, search


MasterPassword
Most password managers are password vaults: they let you store or generate a strong password for your services and then encrypt that key and store it for later retrieval. This approach presents many problems, in particular in the modern mobile age, that result in many frustrations: * Vault availability: If your vault is not available, you cannot use any of your services. * Added risk of identity loss: If you lose (eg. HDD failure/house fire) your vault, you instantly lose your entire online identity. * Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault. Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues: * Network sync: Keeping data secure in transit is non-trivial and adds security risks. * Backups: Requires that you keep multiple locations secure from loss and theft, as well as the vault in transit. * Cloud-based services: Requires you to trust an external party and sacrifices transparency and freedom. * Defensive destruction: Reliability issues and again, risk total identity loss. Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues. Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes. Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with hmac-sha256 and salting to prevent all known attack vectors.
Mod security
'Mod_security' is an intrusion detection and prevention module for Apache Web servers. Its purpose is to protect vulnerable applications by detecting and (optionally) rejecting attacks. In addition to request filtering (using regex), it can create Web application audit logs. Unlike other similar projects, Mod_security can analyse POST payloads.
MongooseIM
MongooseIM is aimed at large, complex enterprise level projects where real-time communication is critical for business success. It provides high availability, ease of deployment, development and reliability in production. The MongooseIM platform includes server-side components and client libraries. It has also contributed to open source third party XMPP libraries: Smack for Android and XMPP framework for iOS. Built around proven technologies XMPP/Jabber, it adds a simple client/server REST API for front-end and back-end integration.
NSBD
Not-So-Bad Distribution is an automated Web-based distribution system designed for distributing free software on the internet, where users cannot trust the network and cannot entirely trust the software maintainers. NSBD authenticates packages with GNU Privacy Guard (GnuPG) or "Pretty Good(Tm) Privacy" (PGP(Tm)) digital signatures so users can be assured that packages have not been tampered with, and it limits the maintainer to only update selected files and directories on the user's computer. NSBD's focus is on security, leaving as much control as is practical in the users' hands. NSBD handles automated updates by supplying a means of checking for updates to packages and automatically downloading and installing the updates. This "automated pull" style of distribution has the same effect as the "push" style of distribution, but gives more control to the user. A direct "push" style is also supported, which is especially appropriate for situations where there are multiple contributors to a shared server (for example, a shared web-page server). NSBD can "pull" directly over http or by using rsync to minimize network usage.
NetCube
NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a python utility for visualizing network traffic in a 3d simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there! Why bother? Well for one, visualization seems to help humans in identifying port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.
NextTypes
NextTypes is a standards based information storage, processing and transmission system that integrates the characteristics of other systems such as databases, programming languages, communication protocols, file systems, document managers, operating systems, frameworks, file formats and hardware in a single tightly integrated system using a common data types system. NextTypes is a relational/network/objects/files hybrid database system with high level SQL interface, extensive primitive types list, JSON/JSON-LD/XML/Smile/WebDAV/CalDAV/iCalendar/RSS data access, REST interface, customizable MVC architecture, optimistic concurrency control, HTML5/CSS3/SVG/Javascript responsive graphical interface, multilanguage, UTF-8 encoding, syntax highlighting or WYSIWYG editors, robots.txt and sitemap management, text extraction/fulltext search, document management, virus scanning, DoS/SQL injection/CSRF/XSS protection, passwords/X.509 certificates authentication, logging and backup system.
OnionShare
What is OnionShare? OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you. How to Use Open OnionShare, drag and drop files and folders you wish to share into it, and click Start Sharing. After a moment, it will show you a .onion URL. This is the secret URL that can be used to download the file you're sharing. Send this URL to the person you're sending the files to. If the files you're sending aren't secret, you can use normal means of sending the URL, like by emailing it, or sending it in a Facebook or Twitter private message. If you're sending secret files then it's important to send this URL securely. The person who is receiving the files doesn't need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.\
OpenVPN
OpenVPN lets you to treat a collection of remote machines as though they are on the same network. The connections on this new, virtual network are secured by TLS/SSL. One machine acts as the network server, the others as clients. OpenVPN can also be a component in a TLS tunnel, where the client connects only to the OpenVPN server, which makes additional connections on the client's behalf.
Pica Pica Messenger
Pica Pica is a project aimed to create and support distributed decentralized secure instant messaging system. Pica Pica network consists of nodes and clients. Nodes are hosted by volunteers on their computers. Nodes connect to each other and exchange info about other nodes and online clients, transfer encrypted data between clients. All data transferred between clients is protected by end-to-end encryption using TLS 1.2 protocol. Users are identified by unique SHA224 hash of their certificate which is generated during account creation.
Pound
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Pound proxies HTTO _and HTTPS requests simultaneously. In addition, it knows about failed back-end servers and can redirect requests according to their availability. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required, and the pid file) and should thus pose no security threat to any machine. It needs at least the configuration file (read-only) and, optionally, the HTTPS server certificate (read-only).
Privacy Redirect
Redirects Twitter, YouTube, Instagram, Google Maps and Reddit requests to privacy friendly alternatives such as Nitter, Invidious, Bibliogram and OpenStreetMap. Allows for setting custom instances or random choice, toggling all redirects on/off and more.
Privoxy
Privoxy is a Web proxy based on Internet Junkbuster with advanced filtering capabilities for protecting privacy, filtering Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk. It is useful for both stand-alone systems and multi-user networks.
Protector
'Protector' is a low maintenance e-mail virus blockade system that runs under Sendmail. It runs on e-mail servers that handle in-bound messages, checks incoming e-mail for attachments that could contain viruses, worms, etc., and replaces the offending attachments with standard warning messages (or modifies them to remove the dangerous parts) before passing them on to their intended recipients. The original "dangerous" attachment is saved in a directory that only the system administrator can access.
PyBitmessage
PyBitmessage is the official instant messaging client designed for Bitmessage(a P2P encrypted decentralised communication protocol).
Red Matrix
Originally authored by Mike Macgirvin (also the original author of Friendica), the RedMatrix is a super network created from a huge number of smaller independent and autonomous websites - which are linked together into a cooperative publishing and social platform. It consists of an open source webapp providing a complete multi-user decentralised publishing, sharing, and communications system - known as a "hub". Each hub provides communications (private messaging, chat, blogging, forums, and social networking), along with media management (photos, events, files, web pages, shareable apps) for its members; all in a feature-rich platform. These hubs automatically reach out and connect with each other and the rest of the matrix. Privacy and content ownership always remain under the direct personal control of the individual; and permission to access any item can be granted or denied to anybody in the entire matrix. What makes the RedMatrix unique is what we call "magic authentication" - which is based on our groundbreaking work in decentralised identity services. No other platform provides this ability. Within the matrix the boundaries between different hubs are blurred or seemingly non-existent. Identity in the matrix is considered transient and potentially nomadic. "Who you are" has nothing to do with "what computer you're connected to", and website content can adapt itself according to who is viewing it. You have the ability to "clone" your identity to other hubs; which allows you to continue to communicate with your friends seamlessly if your primary hub is ever disabled (temporarily or permanently). The RedMatrix is ideal for communities of any size, from private individuals and families to online forums, business websites, and organisations. It can be used by anybody who has communications or web content that they wish to share, but where they desire complete control of whom they share it with.
Remcage
RemCage is an accounts simple manager to set them to access through SFTP in jailed directories (chrooted). Useful for fileservers and public webservers. You can expand directory sharing through all networks without SMB/CIFS, and throw away unsecure FTP protocol from webservers.
SILC Client
SILC (Secure Internet Live Conferencing) is a protocol which provides secure Internet conferencing services over insecure channels. It superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated. The SILC also supports secure file transferring. There is the SILC Client for end users, the SILC Server for system administrators, and the SILC Toolkit for application developers.
SILC Toolkit
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. SILC uses strong cryptographic methods to secure all traffic; it encrypts and authenticates all messages. It also supports secure file transferring. The SILC is delivered as SILC Client for end users, SILC Server for system administrators, and SILC Toolkit for application developers.
SNORT
Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.
Seafile
Seafile provides the full facilities to replace proprietary cloud storage and file syncing solutions. It offers the ability to self-host the server on your own hardware as well as make use of commercial services that host it for you. It offers a desktop client for all major operating systems. Major features include:
  • File syncing
  • File version control
  • Client side encryption
  • Public share linking
  • Group and Organisation collaboration
Seafile Community Edition may be used as a free software replacement for Dropbox, Spideroak, Wuala and similar proprietary programs and services. Seafile Professional Edition is not free software as per the license outlined here: https://manual.seafile.com/deploy_pro/seafile_professional_sdition_software_license_agreement/

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.

Retrieved from "https://directory.fsf.org/wiki/Special:Ask"